Date: Thu, 17 May 2012 16:01:58 -0700 (PDT)
From: Jason Usher <jusher71@yahoo.com>
To: Garrett Cooper <yanegomi@gmail.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Need to revert behavior of OpenSSH to the old key order ...
Message-ID: <1337295718.17290.YahooMailClassic@web122504.mail.ne1.yahoo.com>
In-Reply-To: <19CAB027-0B70-43FE-AEF5-11A6D548282D@gmail.com>

--- On Thu, 5/17/12, Garrett Cooper <yanegomi@gmail.com> wrote:

> > ... but I'm afraid that changing that line in myproposal.h BACK TO
> > ssh-dss,ssh-rsa does not solve the problem. I did indeed make that
> > change to myproposal.h, manually, and then build the openssh-portable
> > port, but the behavior persists.
> >
> > If I simply REMOVE the RSA keys, the error goes away, and existing
> > DSA-using clients no longer bomb out, but this is NOT a good solution
> > for two reasons:
> >
> > 1. anytime I HUP, or start sshd, it's going to create new RSA keys
> > for me
> >
> > 2. It's possible that some clients out there really have been using
> > RSA all along (who knows) and now they are completely broken, since
> > RSA is not there at all.
> >
> > I'm more than happy to muck around in the source with further little
> > edits, just like I did with myproposal.h, but I have no idea what
> > they would be.
> >
> > Can anyone help me "make new ssh behave like old one"?
>
> You can probably issue an option via -o with ssh to skip the prompt
> (see ssh_config… maybe there's something in there that can help you).
> No, I'm not referring to StrictHostKeyChecking either :).

That's on the client side. I don't have access to the clients. I have no way to interact with the clients at all.

I need a way to configure (or patch) the OpenSSH server such that it presents keys in the same order (first DSS, then RSA) as it used to.

Anyone?
