Date: Thu, 21 Jan 2016 11:10:14 +0000 (UTC)
From: Dag-Erling Smørgrav <des@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r294495 - in head: . crypto/openssh
Message-ID: <201601211110.u0LBAEI1081858@repo.freebsd.org>
Author: des Date: Thu Jan 21 11:10:14 2016 New Revision: 294495 URL: https://svnweb.freebsd.org/changeset/base/294495 Log: Enable DSA keys by default. They were disabled in OpenSSH 6.9p1. Noticed by: glebius Modified: head/UPDATING head/crypto/openssh/myproposal.h (contents, props changed) head/crypto/openssh/ssh_config.5 head/crypto/openssh/sshd_config.5 Modified: head/UPDATING ============================================================================== --- head/UPDATING Thu Jan 21 10:57:45 2016 (r294494) +++ head/UPDATING Thu Jan 21 11:10:14 2016 (r294495) @@ -32,10 +32,6 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11 "ln -s 'abort:false,junk:false' /etc/malloc.conf".) 20160119: - The default configuration of ssh(1) no longer allows to use ssh-dss - keys. To enable using them, add 'ssh-dss' to PubkeyAcceptedKeyTypes - option in the /etc/ssh/ssh_config. Refer to ssh_config(5) for more - information. The NONE and HPN patches has been removed from OpenSSH. They are still available in the security/openssh-portable port. Modified: head/crypto/openssh/myproposal.h ============================================================================== --- head/crypto/openssh/myproposal.h Thu Jan 21 10:57:45 2016 (r294494) +++ head/crypto/openssh/myproposal.h Thu Jan 21 11:10:14 2016 (r294495) @@ -1,4 +1,5 @@ /* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */ +/* $FreeBSD$ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -99,9 +100,11 @@ HOSTKEY_ECDSA_CERT_METHODS \ "ssh-ed25519-cert-v01@openssh.com," \ "ssh-rsa-cert-v01@openssh.com," \ + "ssh-dss-cert-v01@openssh.com," \ HOSTKEY_ECDSA_METHODS \ "ssh-ed25519," \ - "ssh-rsa" \ + "ssh-rsa," \ + "ssh-dss" /* the actual algorithms */ Modified: head/crypto/openssh/ssh_config.5 ============================================================================== --- head/crypto/openssh/ssh_config.5 Thu Jan 21 10:57:45 2016 (r294494) +++ head/crypto/openssh/ssh_config.5 Thu Jan 21 11:10:14 2016 (r294495) 
@@ -798,8 +798,10 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-dss-cert-v01@openssh.com, +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, +ecdsa-sha2-nistp521,ssh-ed25519, +ssh-rsa,ssh-dss .Ed .Pp The @@ -821,8 +823,10 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-dss-cert-v01@openssh.com, +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, +ecdsa-sha2-nistp521,ssh-ed25519, +ssh-rsa,ssh-dss .Ed .Pp If hostkeys are known for the destination host then this default is modified @@ -1251,8 +1255,10 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-dss-cert-v01@openssh.com, +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, +ecdsa-sha2-nistp521,ssh-ed25519, +ssh-rsa,ssh-dss .Ed .Pp The Modified: head/crypto/openssh/sshd_config.5 ============================================================================== --- head/crypto/openssh/sshd_config.5 Thu Jan 21 10:57:45 2016 (r294494) +++ head/crypto/openssh/sshd_config.5 Thu Jan 21 11:10:14 2016 (r294495) @@ -657,8 +657,10 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-dss-cert-v01@openssh.com, +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, +ecdsa-sha2-nistp521,ssh-ed25519, +ssh-rsa,ssh-dss .Ed .Pp The 
@@ -752,8 +754,10 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-dss-cert-v01@openssh.com, +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, +ecdsa-sha2-nistp521,ssh-ed25519, +ssh-rsa,ssh-dss .Ed .Pp The list of available key types may also be obtained using the @@ -1355,8 +1359,10 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-dss-cert-v01@openssh.com, +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, +ecdsa-sha2-nistp521,ssh-ed25519, +ssh-rsa,ssh-dss .Ed .Pp The
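Review bot: In head/UPDATING (@@ -32,10 +32,6), the ssh-dss paragraph is deleted from the 20160119 entry and nothing records the reversal. Anyone who followed that earlier text and added 'ssh-dss' to PubkeyAcceptedKeyTypes in /etc/ssh/ssh_config gets no dated notice that the default changed back. Consider adding a new dated entry saying ssh-dss keys are accepted by default again as of r294495, rather than only removing the old paragraph.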
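Review bot: In head/crypto/openssh/myproposal.h (@@ -99,9 +100,11), the added entries "ssh-dss-cert-v01@openssh.com," and "ssh-dss" have no comment marking them as a local change; the only marker is the new /* $FreeBSD$ */ line at the top of the file. The log says these key types were disabled in OpenSSH 6.9p1, so a short comment beside the added lines stating that they are re-enabled locally, and why, would keep the divergence visible at the next vendor import. The same comment could note that both entries are placed last in their groups, so they sit at the lowest preference in the list.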
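Review bot: In ssh_config.5 and sshd_config.5, all six hunks re-wrap the existing line "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521," onto two lines in addition to adding the ssh-dss entries, which enlarges the local diff for a purely cosmetic reason. Suggest leaving that line as it was, inserting only "ssh-dss-cert-v01@openssh.com," and changing "ssh-ed25519,ssh-rsa" to "ssh-ed25519,ssh-rsa,ssh-dss", so each hunk touches one existing line instead of two. The man page text around these lists also does not say that the default shown differs from what the log describes as the OpenSSH 6.9p1 default; one sentence after the list would document that.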