Date: Thu, 17 May 2012 21:19:04 -0400
From: Jason Hellenthal <jhellenthal@dataix.net>
To: Jason Usher <jusher71@yahoo.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Need to revert behavior of OpenSSH to the old key order ...
Message-ID: <20120518011904.GA82007@DataIX.net>
In-Reply-To: <1337297198.76003.YahooMailClassic@web122503.mail.ne1.yahoo.com>
References: <20120517232238.GA91365@DataIX.net> <1337297198.76003.YahooMailClassic@web122503.mail.ne1.yahoo.com>

On Thu, May 17, 2012 at 04:26:38PM -0700, Jason Usher wrote:
>
>
> --- On Thu, 5/17/12, Jason Hellenthal <jhellenthal@dataix.net> wrote:
>
> > > That is not the standard "key mismatch" error that you
> > > assumed it was. Look at it again - it is saying that
> > > we do have a key for this server of type DSA, but the client
> > > is receiving one of type RSA, etc.
> > >
> > >
> > > The keys are the same - they have not changed at all -
> > > they are just being presented to clients in the reverse
> > > order, which is confusing them and breaking automated,
> > > key-based login.
> > >
> > >
> > > I need to take current ssh server behavior (rsa, then
> > > dss) and change it back to the old order (dss, then rsa).
> >
> > Have you attempted to change that order via sshd_config and
> > placing the
> > DSA directive before the RSA one ?
>
>
> sshd_config has no such config directive. ssh_config does, but that's for clients, and I have no way to interact with the clients.
>
> It would indeed be very nice if this key order, which seems like a prime candidate for configuration, was a configurable option in sshd_config, but it is not.
>
> I am fairly certain that I need to hack up some source files, and I thought I had it with myproposal.h (see link in OP) but there must be more, because that small change does not fix things...

You don't have any of this in your config ?

# HostKey for protocol version 1
#HostKey /usr/local/etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/local/etc/ssh/ssh_host_rsa_key
#HostKey /usr/local/etc/ssh/ssh_host_dsa_key
#HostKey /usr/local/etc/ssh/ssh_host_ecdsa_key

--

 - (2^(N-1))

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120518011904.GA82007>
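
Added example, not part of the original message or of OpenSSH: a shell check that lists which HostKey lines in an sshd_config are active and reports any key type a client has pinned in known_hosts that none of them can serve. The function names, the host name server.example.org, the key blob, and the reliance on the default ssh_host_<alg>_key file naming are assumptions made for illustration.

```shell
# Print active (uncommented) HostKey paths in file order.
# sshd_config keywords are case-insensitive.
active_hostkeys() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Map a host key path to its key type family.
# Assumption: files follow the default ssh_host_<alg>_key naming.
keytype_of() {
    case "$1" in
        *ssh_host_rsa_key)   echo ssh-rsa ;;
        *ssh_host_dsa_key)   echo ssh-dss ;;
        *ssh_host_ecdsa_key) echo ecdsa-sha2 ;;
        *)                   echo unknown ;;
    esac
}

# Print key types pinned for host $2 in known_hosts file $1 (unhashed entries only).
pinned_types() {
    awk -v h="$2" '
        $1 !~ /^[#@|]/ {
            n = split($1, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == h) print $2
        }' "$1"
}

# Print pinned key types that no active HostKey line can satisfy.
unserved_pins() {
    served=$(active_hostkeys "$1" | while read -r p; do keytype_of "$p"; done)
    pinned_types "$2" "$3" | while read -r t; do
        case "$t" in ecdsa-sha2-*) t=ecdsa-sha2 ;; esac
        echo "$served" | grep -qxF "$t" || echo "$t"
    done
}

# Constructed sample input: the config quoted in the message, and a client
# entry that pinned only the DSA key (host name and blob are placeholders).
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
# HostKey for protocol version 1
#HostKey /usr/local/etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/local/etc/ssh/ssh_host_rsa_key
#HostKey /usr/local/etc/ssh/ssh_host_dsa_key
#HostKey /usr/local/etc/ssh/ssh_host_ecdsa_key
EOF
echo 'server.example.org ssh-dss AAAAconstructedblob' > "$demo/known_hosts"
unserved_pins "$demo/sshd_config" "$demo/known_hosts" server.example.org
```

With the config as quoted, only the RSA key is loaded, so a client that pinned the DSA key is reported; uncommenting the DSA HostKey line clears the report.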