openssh-6.3p1-5.fc20 fails with "EC_KEY_new_by_curve_name failed"
Corinna Vinschen
fedora at cygwin.de
Mon Nov 11 16:27:14 UTC 2013
Hi,
https://admin.fedoraproject.org/updates/FEDORA-2013-19918/openssh-6.3p1-4.fc20
claims openssh-6.3p1-4 and later, in conjuntion with openssl-1.0.1e-30.fc20
will allow to use ECDSA keys for pubkey authentication.
I have existing ECDSA keys from my non-Fedora installations using
vanilla openssh and openssl packages.
So I installed openssh-6.3p1-5 and openssl-1.0.1e-30. When trying to
use the aforementioned private ECDSA key to access one of the other
machines, it doesn't work. I'm getting an error message instead:
$ ssh some-machine
key_from_blob: EC_KEY_new_by_curve_name failed
Worse, I can't even connect to other machines using an RSA key, even if
I change the remote authorized_keys file accordingly. The debug output
shows that in this case the connection attempt goes more or less
through, until the connection stops with the same message as above:
key_from_blob: EC_KEY_new_by_curve_name failed
The openssh ECDSA key format can't be different between different
versions of openssh, otherwise the keys wouldn't be usable on different
machines.
I also didn't see any bug reports that the new openssh version would not
be able to use ECDSA keys for some reason (ssh-keygen allows to create
new ECDSA keys, after all). If I revert to the vanilla openssh/openssl
versions, connecting via ECDSA key works as expected again.
Does anybody have an idea what the problem could be?
TIA,
Corinna
More information about the users
mailing list