Corinna Vinschen wrote:
On Nov 11 20:44, Corinna Vinschen wrote:
> On Nov 11 12:14, Michael Cronenworth wrote:
>> Corinna Vinschen wrote:
>>> Does anybody have an idea what the problem could be?
>>
>> Only ECC NIST Suite B curves were enabled in Fedora packages. If
>> your keys use a different curve then they wouldn't work.
>
> If you call ssh-keygen -t ecdsa, there's no choice of curves to be made.
> An ECDSA openssh key should work on any machine which has ECDSA openssh
> keys enabled. In theory.
>
> If I generate a new ECDSA key with ssh-keygen from openssh-6.3p1-5,
> the error message is the same when trying to use that key.
>
>> I see OpenSSL was patched a few days ago to enable another curve,
>> but no update has been pushed yet.
>
> I hope that will fix it. I'm just a bit puzzled that nobody seems to
> have a problem yet. I can't believe I'm trying to do something unusual.
That change, reenabling the ecdsa-sha2-nistp521 curves, in fact fixes
the problem, since my ECDSA key is actually a 521 bit key.
Policy to use those, or are you in the "more secure" camp on curves vs.
legacy
public keys?
--
Bill Davidsen <davidsen(a)tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot