OpenSSH Install

Jason Johnson jjohnson21 at
Tue Aug 7 00:17:57 PDT 2007

Yes, I installed gcc-4.2.0 and glib-2.6.x. Thank you for your input. I will
look around and see If I cant find patch or a fix for this issue. If I
figure out what the problem is I will be sure and update this posting.

August 2007 21:39:55  Jason Johnson:
> I am trying to install openssh-4.6p1 on my new x86 build. Everything
> compiles fine and even install fine. I used he standard configuration in
> the book BLFS.  However during the install when openssh tries to generate
> the ssh_host_rsa_key and ssh_host_dsa_key key it fails. I have read
> on the net that I should be able to generate these keys yourself . However
> ever attempt to generate rsa and dsa keys have failed. If anyone can help
> me out it would be greatly appreciated.
> mkdir /etc/ssh
> Generating public/private rsa1 key pair.
> Your identification has been saved in /etc/ssh/ssh_host_key.
> Your public key has been saved in /etc/ssh/
> The key fingerprint is:
> 58:01:07:b8:b8:e4:9c:85:e8:a0:e3:9c:20:26:eb:ca root at Achilles
> Generating public/private dsa key pair.
> /bin/sh: line 16:  5010 Illegal instruction     ./ssh-keygen -t dsa -f
> /etc/ssh/ssh_host_dsa_key -N ""
> Generating public/private rsa key pair.
> /bin/sh: line 16:  5011 Illegal instruction     ./ssh-keygen -t rsa -f

I have also come across this stuff. See below.
> /etc/ssh/ssh_host_rsa_key -N ""
> make: *** [host-key] Error 132
> root at Achilles:/etc/ssh# ssh-keygen -t dsa
> Generating public/private dsa key pair.
> Enter file in which to save the key (/root/.ssh/id_dsa): ssh_host_dsa_key
> ssh_host_dsa_key already exists.
> Overwrite (y/n)? y
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:

Did you install gcc-4.2.x when building LFS? Then you should try to run the
openssl testsuite -- there will be much more of those:
> Illegal instruction
(Otherwise nevermind :-)

The reason is that in openssl they have done some debatable things with
casting function arguments (try googling the openssl-dev mailing list for
gcc-4.2 openssl illegal instruction). Since the gcc mintainers don't like
that the gcc-4.2.x position on this debate is inserting illegal instructions
into the generated code. On purpose. Kind of making it fail fast.

Somewhere on the openssl-dev mailing list there is a patch (by Peter Hartley
IIRC) floating around which changes some of the openssl header files. It
doesn't apply cleanly so you'll have to do some of it by hand.

After applying the patch you can compile (and test) openssl. Since the
don't seem to be source compatible with the unchanged ones anymore you'll
have to replace them with the latter ones _before_ installing openssl.

Then you can redo openssh (you did link openssl statically didn't you?) and
maybe other openssl-dependent stuff.

This procedure is really a bit hacky - but with gcc-4.2.x (and maybe
glibc-2.6.x? I've done that ;-) just another adventure.

I just read the changelog of an upcoming 0.9.9 release on the
news section. They mention that openssl will then compile cleanly with
gcc-4.2.x. But there are no files so far.

Good luck
       Andreas Leuner
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the blfs-support mailing list