On Sat, Nov 19, 2016 at 07:37:54PM +0100, Santiago Vila wrote: > On some systems, openssh-server postinst fails to generate correct > ECDSA host keys: [...] > ecdsa-sha2-nistp256 > AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKXa7AmJqSutzd/0xiKpHUb9Od0FZmGBOW7CowUItSeoa2Y7mz/K5V/PLUy6Xr/pxcMvIVMIwR4dt67ZPxSobHk= > root@mymachine
It appears to be a problem with reading (and fingerprinting) the public key rather than with generating it, perhaps? At least, if I save that public key to bad-ecdsa.pub and run "ssh-keygen -l -f ./bad-ecdsa.pub" here, it seems quite happy with it. That suggests that the output of "ssh-keygen -vvv -l -f /etc/ssh/ssh_host_ecdsa_key.pub" on a system that doesn't work would be of some use, perhaps under valgrind. -- Colin Watson [cjwat...@debian.org]
