Fixed
Created: Jul 13, 2016
Updated: Dec 3, 2018
Resolved Date: Jul 29, 2016
Found In Version: 6.0
Fix Version: 6.0.0.31
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace
OpenSSH allows multiple ECDSA keys to be created (the ECDSA implementation supports 3 different ECDSA key lengths, which are not compatible with each other).
OpenSSH then offers 3 keys to the client, but in practice the client can use only one of those keys.
1. Configure a wrlinux 5 RCPL35 project based on any BSP, with the standard kernel/filesystem.
2. On the server side, we create the keys with the following commands:
/usr/bin/ssh-keygen -t ecdsa -b 256 -f /etc/ssh/ssh_host_ecdsa_256_key
/usr/bin/ssh-keygen -t ecdsa -b 384 -f /etc/ssh/ssh_host_ecdsa_384_key
/usr/bin/ssh-keygen -t ecdsa -b 521 -f /etc/ssh/ssh_host_ecdsa_521_key
Then we add the following entries in /etc/ssh/sshd_config:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_256_key
HostKey /etc/ssh/ssh_host_ecdsa_384_key
HostKey /etc/ssh/ssh_host_ecdsa_521_key
Then, on the client, in /etc/ssh/ssh_config:
HostKeyAlgorithms ecdsa-sha2-nistp384
When connecting from the client to the server with the ssh command, the server should offer the ecdsa_384 key during negotiation, but it offers the ecdsa_256 key instead (probably the first one in the HostKey list).
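A check for which configured host key the client's HostKeyAlgorithms setting should select, as an added example that is not part of the original defect record and not OpenSSH's own code. It reads the algorithm name from each public key blob rather than trusting file names; the .pub contents are constructed placeholders (not valid keys) and all function names are hypothetical.

```python
import base64
import struct

def ssh_string(data):
    # SSH wire-format string: uint32 big-endian length, then the bytes (RFC 4251).
    return struct.pack(">I", len(data)) + data

def make_ecdsa_pub_line(bits):
    # Constructed .pub line: real blob layout (RFC 5656), placeholder all-zero point.
    alg = "ecdsa-sha2-nistp%d" % bits
    point = b"\x04" + bytes(2 * ((bits + 7) // 8))
    blob = ssh_string(alg.encode()) + ssh_string(b"nistp%d" % bits) + ssh_string(point)
    return "%s %s constructed@example" % (alg, base64.b64encode(blob).decode())

def blob_algorithm(pub_line):
    # The first string inside the base64 blob is the key's algorithm name.
    blob = base64.b64decode(pub_line.split()[1])
    (length,) = struct.unpack(">I", blob[:4])
    if length > len(blob) - 4:
        raise ValueError("truncated key blob")
    return blob[4:4 + length].decode("ascii")

def host_keys(sshd_config):
    # HostKey paths in file order; the keyword is case-insensitive.
    fields = (line.split() for line in sshd_config.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0].lower() == "hostkey"]

def expected_host_key(sshd_config, pub_files, client_algs):
    # Map each configured key to its algorithm, then honour the client's preference order.
    by_alg = {}
    for path in host_keys(sshd_config):
        pub = pub_files.get(path + ".pub")
        if pub is not None:
            by_alg.setdefault(blob_algorithm(pub), path)
    for alg in (a.strip() for a in client_algs.split(",")):
        if alg in by_alg:
            return alg, by_alg[alg]
    return None  # no configured host key matches any algorithm the client accepts

# Constructed inputs mirroring the configuration in this report.
SSHD_CONFIG = """\
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_256_key
HostKey /etc/ssh/ssh_host_ecdsa_384_key
HostKey /etc/ssh/ssh_host_ecdsa_521_key
"""
PUB_FILES = {"/etc/ssh/ssh_host_ecdsa_%d_key.pub" % b: make_ecdsa_pub_line(b)
             for b in (256, 384, 521)}
```

On a real system, pass the contents of the server's actual .pub files in place of PUB_FILES and compare the result with the host key the server presents.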