openssh-6.3p1-5.fc20 fails with "EC_KEY_new_by_curve_name failed"
Corinna Vinschen
fedora at cygwin.de
Tue Nov 12 15:37:42 UTC 2013
On Nov 11 20:44, Corinna Vinschen wrote:
> On Nov 11 12:14, Michael Cronenworth wrote:
> > Corinna Vinschen wrote:
> > >Does anybody have an idea what the problem could be?
> >
> > Only ECC NIST Suite B curves were enabled in Fedora packages. If
> > your keys use a different curve then they wouldn't work.
>
> If you call ssh-keygen -t ecdsa, there's no choice of curves to be made.
> An ECDSA openssh key should work on any machine which has ECDSA openssh
> keys enabled. In theory.
>
> If I generate a new ECDSA key with ssh-keygen from openssh-6.3p1-5,
> the error message is the same when trying to use that key.
>
> > I see OpenSSL was patched a few days ago to enable another curve,
> > but no update has been pushed yet.
>
> I hope that will fix it. I'm just a bit puzzled that nobody seems to
> have a problem yet. I can't believe I'm trying to do something unusual.
That change, reenabling the ecdsa-sha2-nistp521 curves, in fact fixes
the problem, since my ECDSA key is actually a 521 bit key.
Thanks,
Corinna
More information about the users
mailing list