From: Jason Usher
To: freebsd-hackers@freebsd.org
Date: Thu, 17 May 2012 14:17:03 -0700 (PDT)
Subject: Need to revert behavior of OpenSSH to the old key order ...

I have some old 6.x FreeBSD systems that need their OpenSSH upgraded.

Everything goes just fine, but when I am done, existing clients are now presented with this message:


WARNING: DSA key found for host hostname
in /root/.ssh/known_hosts:12
DSA key fingerprint 4c:29:4b:6e:b8:6b:fa:49.......

The authenticity of host 'hostname (10.1.2.3)' can't be established
but keys of different type are already known for this host.
RSA key fingerprint is a3:22:3d:cf:f2:46:09:f2......
Are you sure you want to continue connecting (yes/no)


And as you can imagine, existing automated jobs now all fail.

I have no control over the clients.  Assume the clients cannot be touched at all.

So, the good news is, this appears to have been discussed/documented here:

http://www.mail-archive.com/bugs@crater.dragonflybsd.org/msg04860.html

... but I'm afraid that changing that line in myproposal.h BACK TO ssh-dss,ssh-rsa does not solve the problem.  I did indeed make that change to myproposal.h, manually, and then built the openssh-portable port, but the behavior persists.

If I simply REMOVE the RSA keys, the error goes away, and existing DSA-using clients no longer bomb out, but this is NOT a good solution for two reasons:

1. anytime I HUP, or start sshd, it's going to create new RSA keys for me

2. It's possible that some clients out there really have been using RSA all along (who knows) and now they are completely broken, since RSA is not there at all.

I'm more than happy to muck around in the source with further little edits, just like I did with myproposal.h, but I have no idea what they would be.

Can anyone help me "make new ssh behave like old one" ?

Thanks.
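
Added example, not part of the original post and not OpenSSH code: in the SSH key exchange (RFC 4253, section 7.1) the host key algorithm used is the first one on the client's list that the server also supports, so the order of the server's list does not change the result. The model below applies that rule to the situation in the message; the client preference list and known_hosts contents are constructed assumptions.

```python
"""Model of SSH host key algorithm selection (RFC 4253, section 7.1)."""


def negotiate_hostkey_alg(client_prefs, server_algs):
    """Return the first algorithm on the client's list that the server offers.

    The server's ordering is deliberately ignored. Simplification: every
    algorithm is assumed usable with the negotiated key exchange method.
    """
    offered = set(server_algs)
    for alg in client_prefs:
        if alg in offered:
            return alg
    return None  # no common algorithm: the key exchange fails


def client_outcome(client_prefs, server_algs, known_types):
    """Predict what a client does for a host already in its known_hosts.

    known_types: key types stored for the host. Assumes the stored keys
    still match the server's keys of the same type.
    """
    alg = negotiate_hostkey_alg(client_prefs, server_algs)
    if alg is None:
        return "kex-failure"
    if alg in known_types:
        return "ok:" + alg        # stored key is verified, no prompt
    if known_types:
        return "prompt:" + alg    # "keys of different type are already known"
    return "prompt-new-host:" + alg


# Constructed inputs (assumptions, not taken from the poster's systems).
CLIENT_PREFS = ["ssh-rsa", "ssh-dss"]   # hypothetical client preference order
KNOWN_DSA_ONLY = {"ssh-dss"}            # client stored only the DSA host key


def scenarios():
    """Outcome for each server configuration discussed in the message."""
    return {
        "DSA only": client_outcome(CLIENT_PREFS, ["ssh-dss"], KNOWN_DSA_ONLY),
        "RSA,DSA": client_outcome(CLIENT_PREFS, ["ssh-rsa", "ssh-dss"], KNOWN_DSA_ONLY),
        "DSA,RSA": client_outcome(CLIENT_PREFS, ["ssh-dss", "ssh-rsa"], KNOWN_DSA_ONLY),
        "DSA,RSA (client stored RSA)": client_outcome(CLIENT_PREFS, ["ssh-dss", "ssh-rsa"], {"ssh-rsa"}),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:30} -> {result}")
```

In this model, reordering the server's list leaves a DSA-pinned client at the prompt, and only a server that advertises DSA alone returns it to "ok", which matches the behaviour reported above when the RSA keys are removed.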