Date:      Mon, 21 May 2012 13:34:26 -0400
From:      Garance A Drosehn <gad@FreeBSD.org>
To:        Jason Usher <jusher71@yahoo.com>
Cc:        freebsd-hackers@FreeBSD.org
Subject:   Re: Need to revert behavior of OpenSSH to the old key order ...
Message-ID:  <4FBA7CA2.5080703@FreeBSD.org>
In-Reply-To: <1337617112.24292.YahooMailClassic@web122505.mail.ne1.yahoo.com>
References:  <1337617112.24292.YahooMailClassic@web122505.mail.ne1.yahoo.com>

I may have missed some emails in this thread, but did you
try this suggestion:

    But have you tried it in this order ?

    HostKey /usr/local/etc/ssh/ssh_host_key
    HostKey /usr/local/etc/ssh/ssh_host_dsa_key
    HostKey /usr/local/etc/ssh/ssh_host_rsa_key
    HostKey /usr/local/etc/ssh/ssh_host_ecdsa_key

Which is to say, have your sshd_config file list multiple
hostkeys, and then restart sshd after making that change?
I tried a similar change and it seemed to have some effect
on what clients saw when connecting, but I can't tell if
it has the effect that you want.

		-- garance



On 5/21/12 12:18 PM, Jason Usher wrote:
> Folks,
>
> Is there a better list for this - perhaps freebsd-security ?
>
> I originally posted to -hackers because it *appears* that reverting "rsa, then dsa" to "dsa, then rsa" was a simple change to myproposal.h, but since that doesn't work, and since I haven't gotten any replies here ...
>
> Thoughts ?
>    
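
Added example, not part of either message above: a small model of SSH-2 host key algorithm selection, showing how the `HostKey` order on the server and the preference list on the client each feed into the key type a client ends up seeing. The filename-to-algorithm mapping, the assumption that the server advertises algorithms in directive order, and the function names are all assumptions made for illustration.

```python
import re

# Assumed mapping from conventional key file names to SSH-2 algorithm names.
# ssh_host_key is the SSH-1 key and takes no part in SSH-2 negotiation.
ALGO_BY_FILE = {
    "ssh_host_dsa_key": "ssh-dss",
    "ssh_host_rsa_key": "ssh-rsa",
    "ssh_host_ecdsa_key": "ecdsa-sha2-nistp256",  # assumes a 256-bit key
}

# Constructed sample using the paths from the message above.
SAMPLE_CONFIG = """\
# sshd_config excerpt (constructed)
HostKey /usr/local/etc/ssh/ssh_host_key
HostKey /usr/local/etc/ssh/ssh_host_dsa_key
HostKey /usr/local/etc/ssh/ssh_host_rsa_key
HostKey /usr/local/etc/ssh/ssh_host_ecdsa_key
"""


def server_offer(config_text):
    """List SSH-2 host key algorithms in HostKey directive order.

    Assumes the server advertises them in the order the keys are listed.
    """
    offer = []
    for line in config_text.splitlines():
        m = re.match(r"\s*HostKey\s+(\S+)", line, re.IGNORECASE)
        if not m:
            continue  # comments and other directives
        algo = ALGO_BY_FILE.get(m.group(1).rsplit("/", 1)[-1])
        if algo and algo not in offer:
            offer.append(algo)
    return offer


def negotiate(client_prefs, server_algos):
    """Simplified RFC 4253 section 7.1 rule: the first algorithm on the
    client's list that the server also supports is chosen."""
    for algo in client_prefs:
        if algo in server_algos:
            return algo
    return None


if __name__ == "__main__":
    offer = server_offer(SAMPLE_CONFIG)
    print("server offers:", offer)
    print("rsa-first client gets:", negotiate(["ssh-rsa", "ssh-dss"], offer))
    print("dsa-first client gets:", negotiate(["ssh-dss", "ssh-rsa"], offer))
```
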


