# ssh-keygen: undefined symbol: EC_KEY_new_by_curve_name

## D-LINC

Hi. I can't seem to start sshd on a new server installation. Evidently it has something to do with new Elliptic Curve cryptography support, but I'm not sure what it is I am supposed to do about it.

```
(error message when starting /etc/init.d/sshd)

 * Generating ecdsa host key ...ssh-keygen: symbol lookup error: ssh-keygen: undefined symbol: EC_KEY_new_by_curve_name

 [ !! ]

 * ERROR: sshd failed to start

(options set in /etc/ssh/sshd_config)

HostKey /etc/ssh/ssh_host_rsa_key

HostKey /etc/ssh/ssh_host_dsa_key

PasswordAuthentication yes

UsePAM yes

PrintMotd no

PrintLastLog no

Subsystem   sftp   /usr/lib/misc/sftp-server

 

(emerge --info openssh)

Portage 2.1.10.41 (hardened/linux/x86, gcc-4.5.3, glibc-2.13-r4, 3.0.4-hardened-r5 i686)

=================================================================

                        System Settings

=================================================================

System uname: Linux-3.0.4-hardened-r5-i686-Intel-R-_Atom-TM-_CPU_N270_@_1.60GHz-with-gentoo-2.0.3

Timestamp of tree: Sat, 31 Dec 2011 00:45:01 +0000

app-shells/bash:          4.1_p9

dev-lang/python:          2.7.2-r3, 3.1.4-r3

dev-util/pkgconfig:       0.26

sys-apps/baselayout:      2.0.3

sys-apps/openrc:          0.9.4

sys-apps/sandbox:         2.5

sys-devel/autoconf:       2.68

sys-devel/automake:       1.11.1

sys-devel/binutils:       2.21.1-r1

sys-devel/gcc:            4.5.3-r1

sys-devel/gcc-config:     1.4.1-r1

sys-devel/libtool:        2.4-r1

sys-devel/make:           3.82-r1

sys-kernel/linux-headers: 2.6.39 (virtual/os-headers)

sys-libs/glibc:           2.13-r4

Repositories: gentoo

ACCEPT_KEYWORDS="x86"

ACCEPT_LICENSE="* -@EULA"

CBUILD="i686-pc-linux-gnu"

CFLAGS="-O2 -march=native -pipe"

CHOST="i686-pc-linux-gnu"

CONFIG_PROTECT="/etc"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo"

CXXFLAGS="-O2 -march=native -pipe"

DISTDIR="/usr/portage/distfiles"

FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"

FFLAGS=""

GENTOO_MIRRORS="http://mirror.mcs.anl.gov/pub/gentoo/ http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/"

LANG="en_US.utf8"

LDFLAGS="-Wl,-O1 -Wl,--as-needed"

MAKEOPTS="-j1"

PKGDIR="/usr/portage/packages"

PORTAGE_CONFIGROOT="/"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

PORTDIR_OVERLAY=""

SYNC="rsync://rsync.gentoo.org/gentoo-portage"

USE="acl acpi bash-completion berkdb bindist bzip2 caps cli cracklib crypt cups cxx dri emacs fastcgi gdbm gnutls gpm hardened iconv mmx modules mudflap ncurses nls nptl nptlonly openmp pam pax_kernel pcre pic pppd readline session sse sse2 ssl ssse3 sysfs tcpd unicode urandom x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 intel mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa via vmware nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================

                        Package Settings

=================================================================

net-misc/openssh-5.8_p1-r1 was built with the following:

USE="hpn pam tcpd -X -X509 -kerberos -ldap -libedit (-selinux) -skey -static"

CFLAGS="-O2 -march=i686 -pipe"

CXXFLAGS="-O2 -march=i686 -pipe"

```

----------

## cach0rr0

does revdep-rebuild -p happen to show anything interesting? 

seems it's looking for a non-existent symbol in one of the shared libraries it's using. 

may well just be the case you need to re-merge net-misc/openssh

----------

## D-LINC

Rebuilding openssh seems to have fixed the problem, as now I can start sshd. The elog records:

```

LOG: postinst

Starting with openssh-5.8p1, the server will default to a newer key

algorithm (ECDSA).  You are encouraged to manually update your stored

keys list as servers update theirs.  See ssh-keyscan(1) for more info.

WARN: postinst

Remember to merge your config files in /etc/ssh/ and then

reload sshd: '/etc/init.d/sshd reload'.

Please be aware users need a valid shell in /etc/passwd

in order to be allowed to login.
```

----------

