Date:      Thu, 17 May 2012 16:01:58 -0700 (PDT)
From:      Jason Usher <jusher71@yahoo.com>
To:        Garrett Cooper <yanegomi@gmail.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Need to revert behavior of OpenSSH to the old key order ...
Message-ID:  <1337295718.17290.YahooMailClassic@web122504.mail.ne1.yahoo.com>
In-Reply-To: <19CAB027-0B70-43FE-AEF5-11A6D548282D@gmail.com>

--- On Thu, 5/17/12, Garrett Cooper <yanegomi@gmail.com> wrote:

> > ... but I'm afraid that changing that line in
> > myproposal.h BACK TO ssh-dss,ssh-rsa does not solve the
> > problem.  I did indeed make that change to
> > myproposal.h, manually, and then build the openssh-portable
> > port, but the behavior persists.
> >
> > If I simply REMOVE the RSA keys, the error goes away,
> > and existing DSA-using clients no longer bomb out, but this
> > is NOT a good solution for two reasons:
> >
> > 1. anytime I HUP, or start sshd, it's going to create
> > new RSA keys for me
> >
> > 2. It's possible that some clients out there really
> > have been using RSA all along (who knows) and now they are
> > completely broken, since RSA is not there at all.
> >
> > I'm more than happy to muck around in the source with
> > further little edits, just like I did with myproposal.h, but
> > I have no idea what they would be.
> >
> > Can anyone help me "make new ssh behave like old one" ?
>
> You can probably issue an option via -o with ssh to skip the
> prompt (see ssh_config… maybe there's something in there
> that can help you). No, I'm not referring to
> StrictHostKeyChecking either :).


That's on the client side.

I don't have access to the clients.  I have no way to interact with the clients at all.

I need a way to configure (or patch) the OpenSSH server such that it presents keys in the same order (first DSS, then RSA) as it used to.

Anyone ?


