From: Dag-Erling Smørgrav
To: "Bjoern A. Zeeb"
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src UPDATING
Date: Wed, 03 Sep 2008 11:42:43 +0200

"Bjoern A. Zeeb" writes:
> So I had an updated ssh client in use since at least Aug 22 and it
> didn't bother me to ask about any remote machines.
>
> Now that people are updating their 7-STABLE machines, those 7-STABLE
> machines with an OpenSSH 5.1p1 start to pop up and do the DSA vs. RSA
> fingerprint dance for the host keys (at least until I added this to
> line 1 of my ~/.ssh/config as hinted with this UPDATING entry:
>     HostKeyAlgorithms ssh-dss,ssh-rsa
> ).
>
> To my understanding this should have happened 10 days ago to me.
> I wonder why the peer needs to be updated as well for this?

Because older servers don't have RSA keys (or rather, they don't load
them).  Instead of just inverting the order, whoever decided that we
should prefer DSA to RSA (before my time) just removed the two lines of
code that load the RSA key.

8 will load both RSA and DSA keys, as intended.  So will 7, but that was
actually a mis-merge on my part.  I will revert it as soon as I get
re@'s approval.

DES
--
Dag-Erling Smørgrav - des@des.no
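
The negotiation behind the answer above, as an added example that is not part of the original message: per RFC 4253 section 7.1, the host key algorithm used is the first entry in the client's list that the server also offers. The fingerprints, the function names and the updated client's default order `ssh-rsa,ssh-dss` are assumptions made for this illustration; it is a model of the selection rule, not OpenSSH code.

```python
# Added illustration: why the fingerprint prompt only appears once the
# server is updated as well. All fingerprints below are constructed.

def negotiate(client_prefs, server_keys):
    """RFC 4253 7.1: first algorithm in the client's list that the server offers."""
    for alg in client_prefs:
        if alg in server_keys:
            return alg
    return None


def connect(client_prefs, server_keys, known_hosts):
    """Return (algorithm, outcome) for one connection attempt.

    server_keys: algorithm -> fingerprint of the host keys sshd loaded
    known_hosts: algorithm -> fingerprint the client has stored for this host
    """
    alg = negotiate(client_prefs, server_keys)
    if alg is None:
        return (None, "no common host key algorithm")
    stored = known_hosts.get(alg)
    if stored is None:
        # The client has never seen a key of this type for the host.
        return (alg, "prompt: unknown host key")
    if stored != server_keys[alg]:
        return (alg, "warning: host key changed")
    return (alg, "ok")


# Assumed default order of the updated client (RSA preferred).
NEW_CLIENT = ["ssh-rsa", "ssh-dss"]
# Order from the UPDATING hint quoted in the message.
WORKAROUND = ["ssh-dss", "ssh-rsa"]

# Older server: only the DSA key is loaded, as the reply explains.
OLD_SERVER = {"ssh-dss": "dsa:constructed-fp"}
# Updated server: loads both RSA and DSA keys.
UPDATED_SERVER = {"ssh-rsa": "rsa:constructed-fp", "ssh-dss": "dsa:constructed-fp"}

# The client only ever recorded the DSA key for this host.
KNOWN_HOSTS = {"ssh-dss": "dsa:constructed-fp"}

if __name__ == "__main__":
    for label, prefs, server in [
        ("new client, old server", NEW_CLIENT, OLD_SERVER),
        ("new client, updated server", NEW_CLIENT, UPDATED_SERVER),
        ("workaround, updated server", WORKAROUND, UPDATED_SERVER),
    ]:
        print(label, "->", connect(prefs, server, KNOWN_HOSTS))
```
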