Date: Thu, 17 May 2012 16:01:58 -0700 (PDT)
From: Jason Usher
To: Garrett Cooper
Cc: freebsd-hackers@freebsd.org
Subject: Re: Need to revert behavior of OpenSSH to the old key order ...
Message-ID: <1337295718.17290.YahooMailClassic@web122504.mail.ne1.yahoo.com>
In-Reply-To: <19CAB027-0B70-43FE-AEF5-11A6D548282D@gmail.com>
List-Id: Technical Discussions relating to FreeBSD

--- On Thu, 5/17/12, Garrett Cooper wrote:

> > ... but I'm afraid that changing that line in myproposal.h BACK TO ssh-dss,ssh-rsa does not solve the problem. I did indeed make that change to myproposal.h, manually, and then build the openssh-portable port, but the behavior persists.
> >
> > If I simply REMOVE the RSA keys, the error goes away, and existing DSA-using clients no longer bomb out, but this is NOT a good solution for two reasons:
> >
> > 1. anytime I HUP, or start sshd, it's going to create new RSA keys for me
> >
> > 2. It's possible that some clients out there really have been using RSA all along (who knows) and now they are completely broken, since RSA is not there at all.
> >
> > I'm more than happy to muck around in the source with further little edits, just like I did with myproposal.h, but I have no idea what they would be.
> >
> > Can anyone help me "make new ssh behave like old one"?
>
> You can probably issue an option via -o with ssh to skip the prompt (see ssh_config… maybe there's something in there that can help you). No, I'm not referring to StrictHostKeyChecking either :).

That's on the client side.

I don't have access to the clients. I have no way to interact with the clients at all.

I need a way to configure (or patch) the OpenSSH server such that it presents keys in the same order (first DSS, then RSA) as it used to.

Anyone?