Message-ID: <4FE8A07A.60803@delphij.net>
Date: Mon, 25 Jun 2012 10:31:38 -0700
From: Xin Li
Organization: The FreeBSD Project
To: Dag-Erling Smorgrav, "freebsd-security@freebsd.org"
Cc: d@delphij.net
Subject: [PATCH] Make ssh-keyscan to fetch ECDSA keys by default

Hi, Dag-Erling,

Here is a patch from OpenBSD which makes ssh-keyscan fetch ECDSA keys by default, to match the default hostkey algorithm.

Cheers,
-- 
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

Content-Disposition: attachment; filename="ssh-keyscan.diff"

Index: crypto/openssh/ssh-keyscan.c =================================================================== --- crypto/openssh/ssh-keyscan.c (revision 237520) +++ crypto/openssh/ssh-keyscan.c (working copy) 
@@ -57,7 +57,7 @@ int ssh_port = SSH_DEFAULT_PORT; #define KT_RSA 4 #define KT_ECDSA 8 -int get_keytypes = KT_RSA; /* Get only RSA keys by default */ +int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */ int hash_hosts = 0; /* Hash hostname on output */ --------------050705050107090703070800--
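Review bot: The `+int get_keytypes = KT_RSA|KT_ECDSA;` line changes the tool's default output, and nothing in this patch documents it: only ssh-keyscan.c is touched, so any statement of the `-t` default in ssh-keyscan.1 should be updated in the same commit. With both bits set, a scan with no type argument can return two key lines per host (RSA and ECDSA) where it used to return one, which is worth calling out in the commit message for scripts that build known_hosts files or assume one line per host. Style nit on the same line: the comment is attached directly to the semicolon (`;/* Get RSA ...`); put whitespace before it as on the neighbouring declarations.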