On Sat, Nov 19, 2016 at 08:05:15PM +0000, Colin Watson wrote: > On Sat, Nov 19, 2016 at 07:37:54PM +0100, Santiago Vila wrote: > > On some systems, openssh-server postinst fails to generate correct > > ECDSA host keys: > [...] > > ecdsa-sha2-nistp256 > > AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKXa7AmJqSutzd/0xiKpHUb9Od0FZmGBOW7CowUItSeoa2Y7mz/K5V/PLUy6Xr/pxcMvIVMIwR4dt67ZPxSobHk= > > root@mymachine > > It appears to be a problem with reading (and fingerprinting) the public > key rather than with generating it, perhaps? At least, if I save that > public key to bad-ecdsa.pub and run "ssh-keygen -l -f ./bad-ecdsa.pub" > here, it seems quite happy with it. That suggests that the output of > "ssh-keygen -vvv -l -f /etc/ssh/ssh_host_ecdsa_key.pub" on a system that > doesn't work would be of some use, perhaps under valgrind.
The machine where it happens is a QEMU/KVM virtual machine. I believed this to be a bug in ssh because downgrading to the jessie version fixed the issue, but now I'm not sure. In the same machine another weird thing happens: disk I/O performance is radically worse than the host (native) system. I'll try to investigate a little bit more. Thanks.
