From owner-cvs-all@FreeBSD.ORG Wed Sep 3 01:01:11 2008 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0618D1065787; Wed, 3 Sep 2008 01:01:11 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id B31E28FC12; Wed, 3 Sep 2008 01:01:10 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 2D0EB41C705; Wed, 3 Sep 2008 02:43:29 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id D6KZwl8eXeHi; Wed, 3 Sep 2008 02:43:28 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id C6D6041C703; Wed, 3 Sep 2008 02:43:28 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 0854644487F; Wed, 3 Sep 2008 00:43:18 +0000 (UTC) Date: Wed, 3 Sep 2008 00:43:18 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Dag-Erling Smorgrav In-Reply-To: <200809012355.m81NtjZT038288@repoman.freebsd.org> Message-ID: <20080903002453.I65801@maildrop.int.zabbadoz.net> References: <200809012355.m81NtjZT038288@repoman.freebsd.org> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src UPDATING X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Sep 2008 01:01:11 -0000 On Mon, 1 Sep 2008, Dag-Erling Smorgrav wrote: Hi, > des 2008-09-01 23:50:56 UTC > > FreeBSD src repository > > Modified files: > . UPDATING > Log: > SVN rev 182662 on 2008-09-01 23:50:56Z by des > > Belatedly add a notice about the reversed order of preference for OpenSSH > authentication keys. So I had an updated ssh client in use since at least Aug 22 and it didn't bother me to ask about any remote machines. Now that people are updating their 7-STABLE machines, those 7-STABLE machines with an OpenSSH 5.1p1 start to pop up and do the DSA vs. RSA fingerprint dance for the host keys (at least until I added this to line 1 of my ~/.ssh/config as hinted with this UPDATING entry: HostKeyAlgorithms ssh-dss,ssh-rsa ). To my understanding this should have happened 10 days ago to me. I wonder why the peer needs to be updated as well for this? Is this because sshds up to now only advertised dss (also on stable) and with the update to 5.1p1 start to advertise rsa,dss and with the updated client rsa matches? In that case that would mean that stable users would see that as well? Or at least STABLE sshds would behave different on new clients? That could potentially break auto-pilot setups for people on the stable branch? /bz, highly confused (and tired) -- Bjoern A. Zeeb Stop bit received. Insert coin for new game.