From owner-freebsd-questions Sun May 28 11:29:42 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mail.inka.de (quechua.inka.de [212.227.14.2]) by hub.freebsd.org (Postfix) with ESMTP id 13CD537B64D for ; Sun, 28 May 2000 11:29:39 -0700 (PDT) (envelope-from daemon@mips.inka.de) Received: from bigeye.mips.inka.de (uucp@) by mail.inka.de with local-bsmtp id 12w7of-0006mg-00; Sun, 28 May 2000 20:29:37 +0200 Received: (from daemon@localhost) by bigeye.mips.inka.de (8.9.3/8.9.3) id SAA29423 for freebsd-questions@freebsd.org; Sun, 28 May 2000 18:47:08 +0200 (CEST) (envelope-from daemon) From: naddy@mips.inka.de (Christian Weisgerber) Subject: Re: 4.0-STABLE Secure: ssh limited to 1024 bits by RSAREF Date: 28 May 2000 18:47:07 +0200 Message-ID: <8griib$sn6$1@bigeye.mips.inka.de> References: To: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Chris Shenton wrote: > One site I'm trying to "ssh" to a system running F-Secure's SSH daemon > with a host key that's 1152 bits, but /usr/bin/ssh can't connect > because the RSAREF limits me to 1024 bits: Yep. > Before doing the "make world", in /etc/defaults/make.conf I set: > > RSAREF= NO I think only RSAREF=YES has any meaning. > USA_RESIDENT= NO That should do the trick assuming you have the international crypto distribution. You can get those from cvsup.internat.freebsd.org or various international mirrors, e.g. cvsup[123].de.freebsd.org. Note that if you are in the US, using the non-RSAREF implementation will put you in violation of RSA Inc.'s patent, as will using RSAREF for commercial purposes. -- Christian "naddy" Weisgerber naddy@mips.inka.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message