Date: Sun, 24 Jun 2012 13:17:53 -0400 From: "J. Hellenthal" <jhellenthal@dataix.net> To: ports@freebsd.org Subject: security/openssh-portable line # 82 of rc.d/openssh generates DSA not ECDSA Message-ID: <20120624171753.GA15646@DataIX.net>
next in thread | raw e-mail | index | archive | help
--6TrnltStXW4iwmi0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable As stated in the subject if [ -f /usr/local/etc/ssh/ssh_host_ecdsa_key ]; then echo "You already have a Elliptic Curve DSA host key" \ "in /usr/local/etc/ssh/ssh_host_ecdsa_key" echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation" else /usr/local/bin/ssh-keygen -t dsa \ -f /usr/local/etc/ssh/ssh_host_ecdsa_key -N '' fi Specifically "/usr/local/bin/ssh-keygen -t dsa" needs to be changed to "-t ecdsa" to be correct. Otherwise we are just reimplementing a DSA key in a different file. --=20 - (2^(N-1)) --6TrnltStXW4iwmi0 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJP50vAAAoJEBSh2Dr1DU7WrZoIALC0hNyqIiwAW6LKuUPzicOm pdtsghw/AO20K0oovp1GHS6roYIoFO6hMo96HzM1OzX3AnNKRMvLUrgnONTtaY7a OC+JYfUaQOUVx7get7xRGJByIR/Jt7d84a+wQjaR9G5X545q4v1xiR/Gxx3o447K Js0XpBHIrH5j4zEo7mPohBd0mYwBppUPAlwkGjagCd9l8hPurnA3jSuDbOd7USGO kD1PJz76rn5mXgBkH7QDumhgRwHcY5j+k63/luUdC2shHLsTQKx1oUWVYLvpZVNs gvvA2g4yHHTeKVlC6nn3XOzneq+sMyODHaoD0sQgq0DwQcx8s0GhTa34faaaiMg= =4N8M -----END PGP SIGNATURE----- --6TrnltStXW4iwmi0--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120624171753.GA15646>