[Pkg-privacy-maintainers] Bug#928684: Bug#928684: monkeysphere-host import-key broken due to ssh-keygen change

Andrei Morgan asm-debian at fifthhorseman.net
Fri May 10 08:21:24 BST 2019


On Wed, May 08, 2019 at 06:17:03PM -0400, Daniel Kahn Gillmor wrote:
> As a workaround, if you don't care about the existing RSA hostkey on
> your server, you can just re-generate it with:
> 
>      rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
>      ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key

Thanks for the advice. Unfortunately, this does not work:

     root@server:~# rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
     root@server:~# ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
     Generating public/private rsa key pair.
     Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
     Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
     The key fingerprint is:
     SHA256:sA2Y6dG8QqCZQ3yfimLSjpSTPzZ7bq+UMmZmpyBc0tM root@server
     The key's randomart image is:
     +---[RSA 2048]----+
     |...              |
     |.= o *           |
     |= . B *          |
     | ..o.+ *         |
     | o+++Eo S        |
     |+B+....          |
     |*=oB +           |
     |o B=*o           |
     |  .oBoo.         |
     +----[SHA256]-----+
     root@server:~# grep ^----- /etc/ssh/ssh_host_*_key
     /etc/ssh/ssh_host_ecdsa_key:-----BEGIN OPENSSH PRIVATE KEY-----
     /etc/ssh/ssh_host_ecdsa_key:-----END OPENSSH PRIVATE KEY-----
     /etc/ssh/ssh_host_ed25519_key:-----BEGIN OPENSSH PRIVATE KEY-----
     /etc/ssh/ssh_host_ed25519_key:-----END OPENSSH PRIVATE KEY-----
     /etc/ssh/ssh_host_rsa_key:-----BEGIN OPENSSH PRIVATE KEY-----
     /etc/ssh/ssh_host_rsa_key:-----END OPENSSH PRIVATE KEY-----
     root@server:~#

with, consequently, the same error:

     root@server:~# monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://server.example.com
     RSA.xs:194: OpenSSL error: no start line at /usr/bin/pem2openpgp line 1106, <STDIN> line 1.
     gpg: no valid OpenPGP data found.
     root@server:~#

I'm afraid I lack the knowledge to really try and do anything else you
suggested, but I will certainly keep on trying to implement any
suggested fixes :)

Thanks again for all the hard work in maintaining and providing this
extremely useful package,

       -- Andrei

-- 
Andrei Morgan MRCPCH, MSc, PhD (Epidemiology / Neonatology)
https://www.andreimorgan.net/info/contact
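
Added example, not part of the original message and not monkeysphere code: the grep above shows the regenerated RSA host key in the OpenSSH private-key container, and this sketch classifies host keys by that first line and writes a PEM-container copy for testing. The function names are hypothetical, `-m PEM` assumes OpenSSH 7.8 or later, and the thread does not confirm that `monkeysphere-host import-key` accepts the resulting copy.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not monkeysphere's.

# Print the container format of a private key file, judged by its first line.
key_format() {
    first_line=$(head -n 1 "$1" 2>/dev/null) || return 1
    case "$first_line" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;
        "-----BEGIN EC PRIVATE KEY-----")      echo pem-ec ;;
        "-----BEGIN PRIVATE KEY-----")         echo pkcs8 ;;
        *)                                     echo unknown ;;
    esac
}

# Write a PEM-container copy of an unencrypted OpenSSH-format key to $2.
# ssh-keygen -p rewrites the file it is given, so it only ever touches the
# copy. Assumption: OpenSSH 7.8 or later, where -m PEM applies to private keys.
pem_copy() {
    src=$1
    dst=$2
    if [ "$(key_format "$src")" != openssh ]; then
        echo "$src: not in OpenSSH format, nothing to convert" >&2
        return 1
    fi
    ( umask 077 && cp "$src" "$dst" ) || return 1
    ssh-keygen -p -m PEM -P '' -N '' -f "$dst" >/dev/null
}

# List every host private key in a directory with its container format.
report_host_keys() {
    for k in "$1"/ssh_host_*_key; do
        [ -e "$k" ] || continue
        fmt=$(key_format "$k") || fmt=unreadable
        printf '%s\t%s\n' "$k" "$fmt"
    done
}

report_host_keys "${1:-/etc/ssh}"
```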