Saturday, September 26, 2009

ssh FAIL!

The other day I was baffled. The version of ssh-keygen I was trying to use just was not giving me the results I wanted. The really strange part was that ssh-keygen -h gave completely different options than what I could find in the ssh manpage.

I checked the version and things started to get weird:

[root@zim .ssh2]# ssh-keygen -V
ssh-keygen version , compiled Jun 7 2009.

That's right, it had no version. I'm not sure why, but it didn't. Strange things were afoot.

I spent about an hour trying to figure out how this ssh-keygen worked. I was interested to see that it generated keys in RFC 4716 format instead of the openssh key format required in ~/.ssh/authorized_keys. It couldn't produce the normal openssh format no matter what options I used.

After rpm verify didn't show me anything of interest (ssh-keygen matched what was distributed by the openssh package) I decided to see where ssh-keygen was living.

[root@zim .ssh2]# which ssh-keygen
/usr/local/bin/ssh-keygen

What's that you say? /usr/local? No RPM-installed openssh binaries have any business living there.

[root@zim .ssh2]# ls -la /usr/local/bin
....
lrwxrwxrwx 1 root root 11 Jun 7 00:41 ssh-keygen -> ssh-keygen2
-rwxr-xr-x 1 root root 2041687 Jun 7 00:41 ssh-keygen2
....

How interesting. Jun 7. That was the alleged compile time from ssh-keygen -V.

I have removed those binaries from /usr/local/bin, things returned to normal, and now I'm left wondering how they got there.
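
The lookup that exposed the problem above, generalized into a reusable check. This is an added example, not part of the original post: the function name path_hits and the UNOWNED/UNKNOWN labels are made up for illustration. It shows why rpm verify was clean while the shell still ran something else, since verification covers the packaged path and not whichever copy comes first on PATH.

```shell
#!/bin/sh
# Added example, not from the original post.
# path_hits NAME [PATH_STRING]
# Prints every executable NAME on the search path, in lookup order, as
#   <rank> TAB <path found> TAB <symlink-resolved file> TAB <owning package>
# Rank 1 is what the shell runs; any further lines are copies it shadows.
path_hits() (
    name=$1
    search=${2:-$PATH}
    rank=0
    IFS=:       # split the search path on colons (subshell body, so this stays local)
    set -f      # no glob expansion while splitting
    for dir in $search; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current directory
        candidate=$dir/$name
        [ -f "$candidate" ] && [ -x "$candidate" ] || continue
        rank=$((rank + 1))
        # Follow symlinks such as ssh-keygen -> ssh-keygen2 to the real file
        target=$(readlink -f "$candidate" 2>/dev/null) || target=$candidate
        if command -v rpm >/dev/null 2>&1; then
            # rpm -qf exits non-zero when no installed package owns the file
            owner=$(rpm -qf "$target" 2>/dev/null) || owner=UNOWNED
        else
            owner=UNKNOWN           # no rpm on this host, ownership not checked
        fi
        printf '%s\t%s\t%s\t%s\n' "$rank" "$candidate" "$target" "$owner"
    done
)

# Default to the command from the post when no argument is given.
path_hits "${1:-ssh-keygen}"
```

A rank 1 line marked UNOWNED, followed by a packaged copy at rank 2, is the situation described in the post.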