Date:      Thu, 17 May 2012 16:06:11 -0700 (PDT)
From:      Jason Usher <jusher71@yahoo.com>
To:        Jason Hellenthal <jhellenthal@dataix.net>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Need to revert behavior of OpenSSH to the old key order ...
Message-ID:  <1337295971.82236.YahooMailClassic@web122505.mail.ne1.yahoo.com>
In-Reply-To: <20120517221709.GA47168@DataIX.net>




--- On Thu, 5/17/12, Jason Hellenthal <jhellenthal@dataix.net> wrote:

> On Thu, May 17, 2012 at 02:17:03PM -0700, Jason Usher wrote:
> > I have some old 6.x FreeBSD systems that need their OpenSSH upgraded.
> > 
> > Everything goes just fine, but when I am done, existing clients are now presented with this message:
> > 
> > WARNING: DSA key found for host hostname
> > in /root/.ssh/known_hosts:12
> > DSA key fingerprint 4c:29:4b:6e:b8:6b:fa:49.......
> > 
> > The authenticity of host 'hostname (10.1.2.3)' can't be established
> > but keys of different type are already known for this host.
> > RSA key fingerprint is a3:22:3d:cf:f2:46:09:f2......
> > Are you sure you want to continue connecting (yes/no)
> > 
> 
> You must be using different keys for your server than the one that has been generated before the upgrade. Just copy your keys over to the new location and restart the server daemon and you should be fine.
> 
> copy /etc/ssh/* -> /usr/local/etc/ssh/


You didn't read that error message.

That is not the standard "key mismatch" error that you assumed it was.  Look at it again - it is saying that we do have a key for this server of type DSA, but the client is receiving one of type RSA, etc.

The keys are the same - they have not changed at all - they are just being presented to clients in the reverse order, which is confusing them and breaking automated, key-based login.

I need to take current ssh server behavior (rsa, then dss) and change it back to the old order (dss, then rsa).
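
An added example, not part of the original thread: a small audit that reads a client's known_hosts content and lists the hosts that have keys on file but none of the type a server is now presenting, which is the condition behind the "keys of different type are already known" prompt quoted above. The sample file contents, the truncated key placeholders and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample known_hosts content (key blobs truncated to placeholders).
SAMPLE_KNOWN_HOSTS = """\
# constructed example entries
hostname,10.1.2.3 ssh-dss AAAAB3NzaC1kc3MAAACB...
web1,10.1.2.4 ssh-rsa AAAAB3NzaC1yc2EAAAAB...
web1,10.1.2.4 ssh-dss AAAAB3NzaC1kc3MAAACB...
|1|c2FsdA==|aGFzaA== ssh-dss AAAAB3NzaC1kc3MAAACB...
@revoked old.example ssh-rsa AAAAB3NzaC1yc2EAAAAB...
"""


def key_types_by_host(text):
    """Map each host name (or hashed token) to the set of key types on file."""
    known = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if fields[0].startswith("@"):
            continue  # @cert-authority / @revoked are not ordinary host entries
        if len(fields) < 3 or fields[1].isdigit():
            continue  # malformed line, or legacy protocol 1 "bits exp mod" entry
        hosts, keytype = fields[0], fields[1]
        # A hashed entry is one opaque token; plain entries are comma-separated.
        names = [hosts] if hosts.startswith("|1|") else hosts.split(",")
        for name in names:
            known[name].add(keytype)
    return known


def hosts_missing_type(text, presented_type):
    """Hosts with keys on file, but none of the type the server presents."""
    known = key_types_by_host(text)
    return sorted(h for h, types in known.items() if presented_type not in types)


if __name__ == "__main__":
    for host in hosts_missing_type(SAMPLE_KNOWN_HOSTS, "ssh-rsa"):
        print(host)
```

Hashed entries are reported by their hashed token, since the host name cannot be recovered from the file alone.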

