Date: Mon, 21 May 2012 14:26:27 -0700 (PDT)
From: Jason Usher <jusher71@yahoo.com>
To: Garance A Drosehn <gad@FreeBSD.org>
Cc: freebsd-hackers@FreeBSD.org
Subject: Re: Need to revert behavior of OpenSSH to the old key order ...
Message-ID: <1337635587.57757.YahooMailClassic@web122503.mail.ne1.yahoo.com>
In-Reply-To: <4FBA7CA2.5080703@FreeBSD.org>

--- On Mon, 5/21/12, Garance A Drosehn <gad@FreeBSD.org> wrote:

> But have you tried it in this order ?
>
> HostKey /usr/local/etc/ssh/ssh_host_key
> HostKey /usr/local/etc/ssh/ssh_host_dsa_key
> HostKey /usr/local/etc/ssh/ssh_host_rsa_key
> HostKey /usr/local/etc/ssh/ssh_host_ecdsa_key
>
> Which is to say, have your sshd_config file list multiple
> hostkey's, and then restart sshd after making that change?
> I tried a similar change and it seemed to have some effect
> on what clients saw when connecting, but I can't tell if
> it has the effect that you want.

The order of HostKey directives in sshd_config does not change the actual order. In newer implementations, RSA is provided first, no matter how you configure the sshd_config.

As I mentioned before, removing RSA completely is sort of a fix, but I can't do that because some people might actually be explicitly using RSA, and they would all break.

Anyone ?
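
An added example, not part of the original message or of OpenSSH: it models host key algorithm selection as RFC 4253 section 7.1 defines it, where the first name on the client's list that the server also supports is chosen, so the order of HostKey lines on the server does not decide the result. The file-name-to-algorithm mapping, the client preference lists and the function names are assumptions made for the illustration.

```python
import re

# Assumption: key type is inferred from the conventional file names in the
# quoted config; sshd itself reads the type from the key file contents.
NAME_TO_ALG = {
    "ssh_host_rsa_key": "ssh-rsa",
    "ssh_host_dsa_key": "ssh-dss",
    "ssh_host_ecdsa_key": "ecdsa-sha2-nistp256",  # assumed curve size
}

def server_algs(sshd_config):
    """Protocol 2 host key algorithms, in HostKey directive order."""
    algs = []
    for line in sshd_config.splitlines():
        m = re.match(r"\s*HostKey\s+(\S+)", line, re.IGNORECASE)
        if not m:
            continue  # other directives, blank lines, commented-out HostKey
        alg = NAME_TO_ALG.get(m.group(1).rsplit("/", 1)[-1])
        # ssh_host_key is the protocol 1 key and has no protocol 2 name
        if alg and alg not in algs:
            algs.append(alg)
    return algs

def negotiate(client_prefs, server):
    """First algorithm on the client's list that the server supports.

    Simplified: ignores the key-exchange compatibility requirements that
    RFC 4253 also places on the chosen algorithm.
    """
    for alg in client_prefs:
        if alg in server:
            return alg
    return None

PREFIX = "/usr/local/etc/ssh/"
# Order suggested in the quoted message
CONFIG_A = "\n".join("HostKey " + PREFIX + n for n in (
    "ssh_host_key", "ssh_host_dsa_key", "ssh_host_rsa_key", "ssh_host_ecdsa_key"))
# Same keys, RSA listed first (constructed)
CONFIG_B = "\n".join("HostKey " + PREFIX + n for n in (
    "ssh_host_rsa_key", "ssh_host_dsa_key", "ssh_host_ecdsa_key"))

# Constructed client preference lists (what HostKeyAlgorithms in ssh_config sets)
CLIENT_RSA_FIRST = ["ssh-rsa", "ssh-dss"]
CLIENT_DSA_FIRST = ["ssh-dss", "ssh-rsa"]

if __name__ == "__main__":
    for name, cfg in (("A", CONFIG_A), ("B", CONFIG_B)):
        print(name, negotiate(CLIENT_RSA_FIRST, server_algs(cfg)),
              negotiate(CLIENT_DSA_FIRST, server_algs(cfg)))
```

Both server orderings give the same answer for a given client; only changing the client's list changes which key type is presented.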
