openssh-6.3p1-5.fc20 fails with "EC_KEY_new_by_curve_name failed"
Corinna Vinschen
fedora at cygwin.de
Thu Nov 21 14:55:33 UTC 2013
On Nov 20 15:04, Bill Davidsen wrote:
> Corinna Vinschen wrote:
> >On Nov 11 20:44, Corinna Vinschen wrote:
> >>On Nov 11 12:14, Michael Cronenworth wrote:
> >>>Corinna Vinschen wrote:
> >>>>Does anybody have an idea what the problem could be?
> >>>
> >>>Only ECC NIST Suite B curves were enabled in Fedora packages. If
> >>>your keys use a different curve then they wouldn't work.
> >>
> >>If you call ssh-keygen -t ecdsa, there's no choice of curves to be made.
> >>An ECDSA openssh key should work on any machine which has ECDSA openssh
> >>keys enabled. In theory.
> >>
> >>If I generate a new ECDSA key with ssh-keygen from openssh-6.3p1-5,
> >>the error message is the same when trying to use that key.
> >>
> >>>I see OpenSSL was patched a few days ago to enable another curve,
> >>>but no update has been pushed yet.
> >>
> >>I hope that will fix it. I'm just a bit puzzled that nobody seems to
> >>have a problem yet. I can't believe I'm trying to do something unusual.
> >
> >That change, reenabling the ecdsa-sha2-nistp521 curves, in fact fixes
> >the problem, since my ECDSA key is actually a 521 bit key.
> >
> Policy to use those, or are you in the "more secure" camp on curves
> vs. legacy public keys?
Security and interoperability.
Corinna
More information about the users
mailing list