Bug#928684: [Pkg-privacy-maintainers] Bug#928684: monkeysphere-host import-key broken due to ssh-keygen change
On Fri, May 10, 2019 at 07:21:24AM +, Andrei Morgan wrote: > On Wed, May 08, 2019 at 06:17:03PM -0400, Daniel Kahn Gillmor wrote: > > As a workaround, if you don't care about the existing RSA hostkey on > > your server, you can just re-generate it with: > > > > rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub > > ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key > > Thanks for the advice. unfortunately, this does not work: After discussion with someone else, I figured out how to fix this workaround: ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key -m PEM This provides me with: root@server:~# grep ^- /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_ecdsa_key:-BEGIN OPENSSH PRIVATE KEY- /etc/ssh/ssh_host_ecdsa_key:-END OPENSSH PRIVATE KEY- /etc/ssh/ssh_host_ed25519_key:-BEGIN OPENSSH PRIVATE KEY- /etc/ssh/ssh_host_ed25519_key:-END OPENSSH PRIVATE KEY- /etc/ssh/ssh_host_rsa_key:-BEGIN RSA PRIVATE KEY- /etc/ssh/ssh_host_rsa_key:-END RSA PRIVATE KEY- root@server:~# And the `monkeysphere-host import-key` command also worked. root@server:~# monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://server.example.com ms: host key imported: pub rsa2048 2019-05-10 [CA] 2E66A858557528DDA4D8E1FCBB8427731FCCD81A uid [ unknown] ssh://server.example.com OpenPGP fingerprint: 2E66A858557528DDA4D8E1FCBB8427731FCCD81A ssh fingerprint: 2048 SHA256:qNes+pJ9gPZ+l6OS8ZJYc9xZhRdFV/10YaAslEwkXcU . (RSA) root@server:~# The only thing I don't know is whether this will have any future implications, but I guess that as servers being upgraded from stretch to buster will retain the old-style (i.e. PEM) format, there shouldn't be any big problems. Cheers, -- Andrei -- Andrei Morgan MRCPCH, MSc, PhD (Epidemiology / Neonatology) https://www.andreimorgan.net/info/contact signature.asc Description: PGP signature
Bug#928684: [Pkg-privacy-maintainers] Bug#928684: monkeysphere-host import-key broken due to ssh-keygen change
On Wed, May 08, 2019 at 06:17:03PM -0400, Daniel Kahn Gillmor wrote: > As a workaround, if you don't care about the existing RSA hostkey on > your server, you can just re-generate it with: > > rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub > ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key Thanks for the advice. unfortunately, this does not work: root@server:~# rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub root@server:~# ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key Generating public/private rsa key pair. Your identification has been saved in /etc/ssh/ssh_host_rsa_key. Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub. The key fingerprint is: SHA256:sA2Y6dG8QqCZQ3yfimLSjpSTPzZ7bq+UMmZmpyBc0tM root@server The key's randomart image is: +---[RSA 2048]+ |... | |.= o * | |= . B * | | ..o.+ * | | o+++Eo S| |+B+ | |*=oB + | |o B=*o | | .oBoo. | +[SHA256]-+ root@server:~# grep ^- /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_ecdsa_key:-BEGIN OPENSSH PRIVATE KEY- /etc/ssh/ssh_host_ecdsa_key:-END OPENSSH PRIVATE KEY- /etc/ssh/ssh_host_ed25519_key:-BEGIN OPENSSH PRIVATE KEY- /etc/ssh/ssh_host_ed25519_key:-END OPENSSH PRIVATE KEY- /etc/ssh/ssh_host_rsa_key:-BEGIN OPENSSH PRIVATE KEY- /etc/ssh/ssh_host_rsa_key:-END OPENSSH PRIVATE KEY- root@server:~# with, consequently, the same error: root@server:~# monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://server.example.com RSA.xs:194: OpenSSL error: no start line at /usr/bin/pem2openpgp line 1106, line 1. gpg: no valid OpenPGP data found. root@server:~# I'm afraid I lack the knowledge to really try and do anything else you suggested, but I will certainly keep on trying to implement any suggested fixes :) Thanks again for all the hard work in maintaining and providing this extremely useful package, -- Andrei -- Andrei Morgan MRCPCH, MSc, PhD (Epidemiology / Neonatology) https://www.andreimorgan.net/info/contact signature.asc Description: PGP signature
Bug#928684: monkeysphere-host import-key broken due to ssh-keygen change
Package: monkeysphere Version: 0.43-2 Severity: grave Tags: upstream a11y Justification: renders package unusable Dear Maintainer, On a fresh new install of Debian Buster, I was trying to set up monkeysphere to allow ssh access: # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://server.example.net RSA.xs:194: OpenSSL error: no start line at /usr/bin/pem2openpgp line 1106, line 1. gpg: no valid OpenPGP data found. # it appears that ssh-keygen is now producing -BEGIN OPENSSH PRIVATE KEY- headers which has lead to this no longer working. I believe it used to say -BEGIN RSA PRIVATE KEY- instead. Thanks for your help, -- Andrei -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages monkeysphere depends on: ii adduser3.118 ii gnupg 2.2.12-1 ii libcrypt-openssl-rsa-perl 0.31-1+b1 pn libdigest-sha-perl ii lockfile-progs 0.1.18 ii openssh-client 1:7.9p1-10 ii perl 5.28.1-6 Versions of packages monkeysphere recommends: ii agent-transfer 0.43-2 ii cron [cron-daemon] 3.0pl1-133 ii netcat-openbsd [netcat] 1.195-2 ii ssh-askpass 1:1.2.4.1-10 Versions of packages monkeysphere suggests: pn monkeysphere-validation-agent -- no debconf information
Bug#865177: /usr/share/monkeysphere/m/subkey_to_ssh_agent: line 123: agent-transfer: command not found
Hi, On Mon, Jun 19, 2017 at 06:11:31PM +0100, Andrei Morgan wrote: > This seems to be related to/the same as Bug#835719. I have just upgraded > from 'jessie' to 'stretch' (i.e. debian stable upgrade). Now I am unable > to use monkeysphere: > > 0 user@computer:~$ monkeysphere s > /usr/share/monkeysphere/m/subkey_to_ssh_agent: line 123: agent-transfer: > command not found > 127 user@computer:~$ > > I'm afraid I get no additional information > Versions of packages monkeysphere depends on: > ii adduser 3.115 > ii gnupg 2.1.18-6 > ii libcrypt-openssl-rsa-perl 0.28-5 > ii libperl5.24 [libdigest-sha-perl] 5.24.1-3 > ii lockfile-progs0.1.17+b1 > > Versions of packages monkeysphere recommends: > pn agent-transfer > ii cron [cron-daemon] 3.0pl1-128+b1 > ii netcat-traditional [netcat] 1.10-41+b1 > ii openssh-client 1:7.4p1-10 > pn ssh-askpass ok, I figured it out following the bugreport: when I upgraded, I was manually required to install monkeysphere. When I manually install, I generally use the option --no-install-recommends in order to keep bloat out of my system (which variously suffers anyway). Turns out package 'agent-transfer' is recommended rather than a dependency. I realised this after seeing a similar problem with GPG and finding bug #845720 where dkg highlights the differences between Recommends and Depends. I believe 'agent-transfer' should be a Depends and therefore this is a bug in the debian package. Best wishes, -- Andrei -- Andrei Morgan MRCPCH, MSc, PhD (Epidemiology / Neonatology) https://www.andreimorgan.net/info/contact signature.asc Description: Digital signature
Bug#865177: /usr/share/monkeysphere/m/subkey_to_ssh_agent: line 123: agent-transfer: command not found
Package: monkeysphere Version: 0.41-1 Severity: important Justification: renders package unusable Dear Maintainer, This seems to be related to/the same as Bug#835719. I have just upgraded from 'jessie' to 'stretch' (i.e. debian stable upgrade). Now I am unable to use monkeysphere: 0 user@computer:~$ monkeysphere s /usr/share/monkeysphere/m/subkey_to_ssh_agent: line 123: agent-transfer: command not found 127 user@computer:~$ I'm afraid I get no additional information when using MONKEYSPHERE_LOG_LEVEL=DEBUG. It's unclear to me how to fix this - I note that previously dkg said "looks like this only affects systems where gpg itself is 2.1.x, which is why the build is now failin... " Thanks, -- Andrei -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (900, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages monkeysphere depends on: ii adduser 3.115 ii gnupg 2.1.18-6 ii libcrypt-openssl-rsa-perl 0.28-5 ii libperl5.24 [libdigest-sha-perl] 5.24.1-3 ii lockfile-progs0.1.17+b1 Versions of packages monkeysphere recommends: pn agent-transfer ii cron [cron-daemon] 3.0pl1-128+b1 ii netcat-traditional [netcat] 1.10-41+b1 ii openssh-client 1:7.4p1-10 pn ssh-askpass Versions of packages monkeysphere suggests: pn monkeysphere-validation-agent -- no debconf information
Bug#693261: xtable: xtable version is out of date
Package: r-cran-xtable Version: 1:1.5-6-1 Severity: important File: xtable Dear Maintainer, xtable is extremely outdated - version 1.5-6 dates from 2009-10-30. The most recent stable version is 1.6-0 (2011-10-07) and there is another, even more recent version 1.7-0 which was published on 2012-02-10 and has a whole host of additional features. See http://cran.r-project.org/web/packages/xtable/index.html for more information. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages r-cran-xtable depends on: ii r-base-core 2.15.1-4 r-cran-xtable recommends no packages. r-cran-xtable suggests no packages. -- no debconf information If you want to provide additional information, please wait to receive the bug tracking number via email; you may then send any extra information to n...@bugs.debian.org (e.g. 999...@bugs.debian.org), where n is the bug number. Normally you will receive an acknowledgement via email including the bug report number within an hour; if you haven't received a confirmation, then the bug reporting process failed at some point (reportbug or MTA failure, BTS maintenance, etc.). -- Andrei Morgan MRCPCH, MSc. (Epidemiology) signature.asc Description: Digital signature
Bug#474343: update-grub ends with exit code 139
hi, i'm afraid i am getting this problem also with version: 1.96+20080413-1 i haven't used the bug reporting system before so i apologise if i am doing this incorrectly. my system is debian 2.6.24-1-686 pinned to testing then stable then unstable, running on an apple macbook pro, 2008 model. everything has been working fine until the most recent revision as far as i can recall. a bit about my computer: it is a dual boot with apple osx. i use refit to choose the linux os, then it goes into grub and i get the choice of kernels. the specific devices used by debian are /dev/sda[4,5] /dev/sda4 is the boot device. /dev/sda5 is encrypted using dmcrypt. i then have lvm running on top of that with one volume group and 5 logical volumes. one of these is swap, the other 4 are mounted as: / /home /tmp /var i also have 2 other partitions that are shared with osx - /dev/sda2 mounted ro and /dev/sda3 mounted rw. if there is anything else i can do to help diagnose the problem, then please let me know... i'm reasonably confident with the command line, although no whizz (hobbiest rather than work with computers). thanks, --andrei signature.asc Description: OpenPGP digital signature
