Date: Thu, 17 May 2012 16:01:58 -0700 (PDT)
From: Jason Usher <jusher71@yahoo.com>
To: Garrett Cooper <yanegomi@gmail.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Need to revert behavior of OpenSSH to the old key order ...
Message-ID: <1337295718.17290.YahooMailClassic@web122504.mail.ne1.yahoo.com>
In-Reply-To: <19CAB027-0B70-43FE-AEF5-11A6D548282D@gmail.com>

--- On Thu, 5/17/12, Garrett Cooper <yanegomi@gmail.com> wrote:

> > ... but I'm afraid that changing that line in myproposal.h BACK TO ssh-dss,ssh-rsa does not solve the problem. I did indeed make that change to myproposal.h, manually, and then build the openssh-portable port, but the behavior persists.
> >
> > If I simply REMOVE the RSA keys, the error goes away, and existing DSA-using clients no longer bomb out, but this is NOT a good solution for two reasons:
> >
> > 1. anytime I HUP, or start sshd, it's going to create new RSA keys for me
> >
> > 2. It's possible that some clients out there really have been using RSA all along (who knows) and now they are completely broken, since RSA is not there at all.
> >
> > I'm more than happy to muck around in the source with further little edits, just like I did with myproposal.h, but I have no idea what they would be.
> >
> > Can anyone help me "make new ssh behave like old one"?
>
> You can probably issue an option via -o with ssh to skip the prompt (see ssh_config… maybe there's something in there that can help you). No, I'm not referring to StrictHostKeyChecking either :).

That's on the client side. I don't have access to the clients. I have no way to interact with the clients at all.

I need a way to configure (or patch) the OpenSSH server such that it presents keys in the same order (first DSS, then RSA) as it used to.

Anyone?
