Date:      Mon, 21 May 2012 14:26:27 -0700 (PDT)
From:      Jason Usher <jusher71@yahoo.com>
To:        Garance A Drosehn <gad@FreeBSD.org>
Cc:        freebsd-hackers@FreeBSD.org
Subject:   Re: Need to revert behavior of OpenSSH to the old key order ...
Message-ID:  <1337635587.57757.YahooMailClassic@web122503.mail.ne1.yahoo.com>
In-Reply-To: <4FBA7CA2.5080703@FreeBSD.org>

--- On Mon, 5/21/12, Garance A Drosehn <gad@FreeBSD.org> wrote:

>    But have you tried it in this order ?
>
>    HostKey /usr/local/etc/ssh/ssh_host_key
>    HostKey /usr/local/etc/ssh/ssh_host_dsa_key
>    HostKey /usr/local/etc/ssh/ssh_host_rsa_key
>    HostKey /usr/local/etc/ssh/ssh_host_ecdsa_key
>
> Which is to say, have your sshd_config file list multiple
> hostkey's, and then restart sshd after making that change?
> I tried a similar change and it seemed to have some effect
> on what clients saw when connecting, but I can't tell if
> it has the effect that you want.

The order of HostKey directives in sshd_config does not change the actual order.  In newer implementations, RSA is provided first, no matter how you configure the sshd_config.

As I mentioned before, removing RSA completely is sort of a fix, but I can't do that because some people might actually be explicitly using RSA, and they would all break.

Anyone ?


