From owner-freebsd-security  Wed Mar  6  8:58:20 2002
Delivered-To: freebsd-security@freebsd.org
Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240])
	by hub.freebsd.org (Postfix) with ESMTP id 5558C37B41A
	for <security@freebsd.org>; Wed,  6 Mar 2002 08:58:10 -0800 (PST)
Received: (qmail 17785 invoked by uid 1000); 6 Mar 2002 16:58:04 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 6 Mar 2002 16:58:04 -0000
Date: Wed, 6 Mar 2002 08:58:01 -0800 (PST)
From: Jason Stone <jason-fbsd-security@shalott.net>
X-X-Sender:  <jason@walter>
To: <security@freebsd.org>
Subject: Re: ssh keys not working?
In-Reply-To: <20020306184509.C14052@straylight.oblivion.bg>
Message-ID: <20020306085357.E17654-100000@walter>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> If the problem was that SSH was using protocol 2 instead of 1, and you
> only had an SSHv1 key, please note that all the machines in the
> FreeBSD cluster accept SSHv2 keys now, too :)  I personally prefer to
> go with v2 anywhere I can, so I just generated a v2 key (ssh-keygen -t
> dsa) and copied the public key over to freefall:.ssh/authorized_keys2.

The current version of openssh has deprecated the use of authorized_keys2,
known_hosts2, etc, and they threaten that future version will completely
ignore the *2 files.

So it's probablly a good idea to keep all your keys in authorized_keys,
and symlink that to authorized_keys2 for now.


 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet.  Here's what I worry about.  I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE8hkqcswXMWWtptckRAgnFAKC8cj4VA1MF+pGee4IQ+0rgANNf3wCgo+DH
2P2fqRRk5/MEqi/QyfLEWPg=
=tZre
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message