From anders@totem.fix.no  Mon Apr  8 12:17:58 2002
Return-Path: <anders@totem.fix.no>
Received: from totem.fix.no (totem.fix.no [80.91.32.29])
	by hub.freebsd.org (Postfix) with ESMTP id 92E3C37B419
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  8 Apr 2002 12:17:57 -0700 (PDT)
Received: by totem.fix.no (Postfix, from userid 1000)
	id D048F2031E; Mon,  8 Apr 2002 21:18:23 +0200 (CEST)
Message-Id: <20020408191823.D048F2031E@totem.fix.no>
Date: Mon,  8 Apr 2002 21:18:23 +0200 (CEST)
From: Anders Nordby <anders@fix.no>
Reply-To: Anders Nordby <anders@fix.no>
To: FreeBSD-gnats-submit@freebsd.org
Subject: Generate SSH2 RSA host key
X-Send-Pr-Version: 3.2

>Number:         36894
>Category:       conf
>Synopsis:       Generate SSH2 RSA host key
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 08 12:20:04 PDT 2002
>Closed-Date:    Sun Jun 23 13:03:39 PDT 2002
>Last-Modified:  Sun Jun 23 13:03:39 PDT 2002
>Originator:     Anders Nordby
>Release:        FreeBSD current 5.0-20020407-CURRENT
>Organization:
Fluxpod Information eXchange
>Environment:

FreeBSD current 5.0-20020407-CURRENT

>Description:

sshd complains when started on boot: Could not load host key:
/etc/ssh/ssh_host_rsa_key

>How-To-Repeat:

# echo 'sshd_enable="YES"' >>/etc/rc.conf

Reboot system, watch output while "Starting standard daemons" runs.

>Fix:

Index: rc.network
===================================================================
RCS file: /home/ncvs/src/etc/rc.network,v
retrieving revision 1.132
diff -u -r1.132 rc.network
--- rc.network	1 Apr 2002 18:33:45 -0000	1.132
+++ rc.network	8 Apr 2002 19:12:55 -0000
@@ -853,9 +853,14 @@
 	[Yy][Ee][Ss])
 		if [ -x /usr/bin/ssh-keygen ]; then
 			if [ ! -f /etc/ssh/ssh_host_key ]; then
-				echo ' creating ssh RSA host key';
+				echo ' creating ssh RSA1 host key';
 				/usr/bin/ssh-keygen -trsa1 -N "" \
 					-f /etc/ssh/ssh_host_key
+			fi
+			if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+				echo ' creating ssh RSA host key';
+				/usr/bin/ssh-keygen -trsa -N "" \
+					-f /etc/ssh/ssh_host_rsa_key
 			fi
 			if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
 				echo ' creating ssh DSA host key';
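Review bot: the new branch hardcodes /etc/ssh/ssh_host_rsa_key instead of deriving the path from sshd's configuration, so it only helps when sshd uses its compiled-in default (_PATH_HOST_RSA_KEY_FILE); if an administrator points HostKey elsewhere in sshd_config, rc.network will generate an unused key at boot while sshd still fails with "Could not load host key". Worth a comment in the script, or reading the HostKey lines rather than assuming them. The `-N ""` (empty passphrase) form is correct here and consistent with the existing RSA1 and DSA branches, since unattended startup cannot prompt for one, and changing the first message from 'RSA' to 'RSA1' is a good disambiguation now that the script reports both key types.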
>Release-Note:
>Audit-Trail:

From: Joshua Goodall <joshua@roughtrade.net>
To: freebsd-gnats-submit@FreeBSD.org, anders@fix.no
Cc: des@freebsd.org
Subject: Re: conf/36894: Generate SSH2 RSA host key
Date: Wed, 10 Apr 2002 22:16:22 +1000

 Previous ssh configuration, preserved in -stable, was to not include a host 
 RSA key. This changed with the import of OpenSSH v3.1, and the regularisation 
 of the sshd_config file (to contain all defaults, but largely commented out.)
 
 With that in mind, and with a preference for preserving existing policy - I'd 
 suggest the diff below as an alternative.
 
 Index: crypto/openssh/servconf.c
 ===================================================================
 RCS file: /cvs/src/crypto/openssh/servconf.c,v
 retrieving revision 1.26
 diff -u -r1.26 servconf.c
 --- crypto/openssh/servconf.c	26 Mar 2002 12:27:43 -0000	1.26
 +++ crypto/openssh/servconf.c	10 Apr 2002 11:57:27 -0000
 @@ -122,12 +122,9 @@
  		if (options->protocol & SSH_PROTO_1)
  			options->host_key_files[options->num_host_key_files++] =
  			    _PATH_HOST_KEY_FILE;
 -		if (options->protocol & SSH_PROTO_2) {
 -			options->host_key_files[options->num_host_key_files++] =
 -			    _PATH_HOST_RSA_KEY_FILE;
 +		if (options->protocol & SSH_PROTO_2)
  			options->host_key_files[options->num_host_key_files++] =
  			    _PATH_HOST_DSA_KEY_FILE;
 -		}
  	}
  	if (options->num_ports == 0)
  		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
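Review bot: dropping _PATH_HOST_RSA_KEY_FILE from the defaults means an sshd started with no explicit HostKey lines offers only a DSA host key for protocol 2, so any client that previously recorded this host's ssh-rsa key, or that restricts HostKeyAlgorithms to ssh-rsa, will see a changed or unusable host key; that compatibility impact belongs in the commit message. The shipped sshd_config, which the reply says lists all defaults commented out, should have its commented HostKey lines updated to match, so the documented default and the compiled-in default do not diverge. Removing the braces is fine since the if now guards a single statement, and the two continuation lines keep their original indentation.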

From: Dag-Erling Smorgrav <des@ofug.org>
To: Joshua Goodall <joshua@roughtrade.net>
Cc: freebsd-gnats-submit@FreeBSD.org, anders@fix.no
Subject: Re: conf/36894: Generate SSH2 RSA host key
Date: 10 Apr 2002 15:16:55 +0200

 Joshua Goodall <joshua@roughtrade.net> writes:
 > Previous ssh configuration, preserved in -stable, was to not include
 > a host RSA key. This changed with the import of OpenSSH v3.1, and
 > the regularisation of the sshd_config file (to contain all defaults,
 > but largely commented out.)
 > 
 > With that in mind, and with a preference for preserving existing
 > policy - I'd suggest the diff below as an alternative.
 
 Thanks!  I was going to do something like this, but I forgot.
 
 DES
 -- 
 Dag-Erling Smorgrav - des@ofug.org
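As an added example (not part of this PR, and not code from FreeBSD's rc scripts or OpenSSH), here is a POSIX sh check a defender can run after boot to confirm that every host key sshd will try to load actually exists and is not group- or world-readable, which is the failure mode behind the "Could not load host key" message in the original report. It reads uncommented HostKey lines from an sshd_config path you supply and, when there are none, assumes the three default file names discussed in this report; the matching is case-sensitive, a simplification over sshd's own parser.

```shell
#!/bin/sh
# Added example, not part of the PR: audit the host keys sshd will load.
# Usage: check_host_keys /path/to/sshd_config
# Returns 0 when every expected key exists with no group/other permission
# bits, 1 otherwise. Output lines start with OK:, MISSING: or WEAK:.
check_host_keys() {
    cfg="$1"
    dir=$(dirname "$cfg")
    # Only uncommented HostKey directives count; the commented-out defaults
    # that sshd_config ships with are documentation, not configuration.
    # Case-sensitive match (assumption/simplification; sshd is case-insensitive).
    keys=$(sed -n 's/^[[:space:]]*HostKey[[:space:]]\{1,\}//p' "$cfg" 2>/dev/null)
    if [ -z "$keys" ]; then
        # Fallback: the OpenSSH 3.1-era default file names discussed in this PR
        keys="$dir/ssh_host_key $dir/ssh_host_rsa_key $dir/ssh_host_dsa_key"
    fi
    status=0
    for k in $keys; do
        if [ ! -f "$k" ]; then
            echo "MISSING: $k (sshd would log 'Could not load host key: $k')"
            status=1
            continue
        fi
        # Inspect the group/other part of the ls mode string (portable across
        # BSD and GNU, unlike stat's format flags). "-rw-------" is the goal.
        case $(ls -ld "$k") in
            -???------*) echo "OK: $k" ;;
            *) echo "WEAK: $k is readable by group or others; private host keys should be mode 0600"
               status=1 ;;
        esac
    done
    return $status
}

# Run directly with a config path to audit a live system.
if [ "$#" -gt 0 ]; then
    check_host_keys "$1"
fi
```

The fallback list deliberately mirrors the file names rc.network generates in the first diff above, so on a default installation the check reports exactly the keys that script is expected to have created.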
State-Changed-From-To: open->closed 
State-Changed-By: anders 
State-Changed-When: Sun Jun 23 13:03:20 PDT 2002 
State-Changed-Why:  
This isn't a problem anymore. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=36894 
>Unformatted:
