OpenSSH Install

Andreas Leuner andreas at leuner-online.de
Mon Aug 6 10:57:49 PDT 2007


Am Sonntag 05 August 2007 21:39:55 schrieb Jason Johnson:
> I am trying to install openssh-4.6p1 on my new x86 build. Everything
> compiles fine and even install fine. I used he standard configuration in
> the book BLFS.  However during the install when openssh tries to generate
> the ssh_host_rsa_key and ssh_host_dsa_key key it fails. I have read reports
> on the net that I should be able to generate these keys yourself . However
> ever attempt to generate rsa and dsa keys have failed. If anyone can help
> me out it would be greatly appreciated.
>
> mkdir /etc/ssh
> Generating public/private rsa1 key pair.
> Your identification has been saved in /etc/ssh/ssh_host_key.
> Your public key has been saved in /etc/ssh/ssh_host_key.pub.
> The key fingerprint is:
> 58:01:07:b8:b8:e4:9c:85:e8:a0:e3:9c:20:26:eb:ca root at Achilles
> Generating public/private dsa key pair.
> /bin/sh: line 16:  5010 Illegal instruction     ./ssh-keygen -t dsa -f
> /etc/ssh/ssh_host_dsa_key -N ""
> Generating public/private rsa key pair.
> /bin/sh: line 16:  5011 Illegal instruction     ./ssh-keygen -t rsa -f

I have also come across this stuff. See below.
> /etc/ssh/ssh_host_rsa_key -N ""
> make: *** [host-key] Error 132
>
> root at Achilles:/etc/ssh# ssh-keygen -t dsa
> Generating public/private dsa key pair.
> Enter file in which to save the key (/root/.ssh/id_dsa): ssh_host_dsa_key
> ssh_host_dsa_key already exists.
> Overwrite (y/n)? y
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:

Did you install gcc-4.2.x when building LFS? Then you should try to run the 
openssl testsuite -- there will be much more of those:
> Illegal instruction
(Otherwise nevermind :-)

The reason is that in openssl they have done some debatable things with 
casting function arguments (try googling the openssl-dev mailing list for 
gcc-4.2 openssl illegal instruction). Since the gcc mintainers don't like 
that the gcc-4.2.x position on this debate is inserting illegal instructions 
into the generated code. On purpose. Kind of making it fail fast.

Somewhere on the openssl-dev mailing list there is a patch (by Peter Hartley 
IIRC) floating around which changes some of the openssl header files. It 
doesn't apply cleanly so you'll have to do some of it by hand.

After applying the patch you can compile (and test) openssl. Since the headers 
don't seem to be source compatible with the unchanged ones anymore you'll 
have to replace them with the latter ones _before_ installing openssl.

Then you can redo openssh (you did link openssl statically didn't you?) and 
maybe other openssl-dependent stuff.

This procedure is really a bit hacky - but with gcc-4.2.x (and maybe 
glibc-2.6.x? I've done that ;-) just another adventure.

I just read the changelog of an upcoming 0.9.9 release on the www.openssl.org 
news section. They mention that openssl will then compile cleanly with 
gcc-4.2.x. But there are no files so far.

Good luck
	Andreas Leuner



More information about the blfs-support mailing list