Bug#301968: lsh-server fails to create the hostkey

[Niels Möller]

Stefan Pfetzing <[EMAIL PROTECTED]> writes:

> lsh-server fails to create the hostkey, possibly because the lsh-keygen
> options are changed. --nist-level now is the length in bit of the rsa
> key.

I think it's because lsh-keygen defaults to RSA keys now; in earlier
versions DSA keys were the default (and before that, DSA was the only
supported type). The DSA specific long option --nist-level seemed like
a good idea at the time, but I'm sorry it's poor user interface now.

Anyway, if you don't want to use the default key size, I think it's
best to use *both* type and length options, e.g.

  lsh-keygen --server -a rsa -l 2048

or

  lsh-keygen --server -a dsa --nist-level 8

Regards,
/Niels

Bug#301968: lsh-server fails to create the hostkey

[Stefan Pfetzing]

Package: lsh-server
Version: 2.0.1-2
Severity: grave
Justification: renders package unusable


Hi,

lsh-server fails to create the hostkey, possibly because the lsh-keygen
options are changed. --nist-level now is the length in bit of the rsa
key.

So this happens:

--- snip ---
[EMAIL PROTECTED]:~# /etc/init.d/lsh-server start
Creating lsh host key (this only needs to be done once):
/etc/lsh_host_keylsh-keygen: RSA keys should be at least 512 bits.
Try `lsh-keygen --help' or `lsh-keygen --usage' for more information.
lsh-writekey: Empty key on input, giving up.
--- snap ---

Simply use:

lsh-keygen --server --nist-level 2048

or:

lsh-keygen --server --nist-level 4096

in the lsh-server initscript. Thanks.


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.5-x
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) (ignored: 
LC_ALL set to [EMAIL PROTECTED])

Versions of packages lsh-server depends on:
ii  debconf 1.4.46   Debian configuration management sy
ii  libasn1-6-heimdal   0.6.3-8  Libraries for Heimdal Kerberos
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libgmp3 4.1.4-5  Multiprecision arithmetic library
ii  libkrb5-17-heimdal  0.6.3-8  Libraries for Heimdal Kerberos
ii  libncurses5 5.4-4Shared libraries for terminal hand
ii  liboop4 1.0-3Event loop management library
ii  libpam0g0.76-22  Pluggable Authentication Modules l
ii  libreadline44.3-15   GNU readline and history libraries
ii  libroken16-kerberos4kth 1.2.2-11.1   Roken Libraries for Kerberos4 From
ii  libwrap07.6.dbs-8Wietse Venema's TCP wrappers libra
ii  lsh-utils   2.0.1-2  Secure Shell v2 (SSH2) protocol ut
ii  zlib1g  1:1.2.2-4compression library - runtime

-- debconf information excluded


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]