Date:      Thu, 17 May 2012 16:26:38 -0700 (PDT)
From:      Jason Usher <jusher71@yahoo.com>
To:        Jason Hellenthal <jhellenthal@dataix.net>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Need to revert behavior of OpenSSH to the old key order ...
Message-ID:  <1337297198.76003.YahooMailClassic@web122503.mail.ne1.yahoo.com>
In-Reply-To: <20120517232238.GA91365@DataIX.net>




--- On Thu, 5/17/12, Jason Hellenthal <jhellenthal@dataix.net> wrote:

> > That is not the standard "key mismatch" error that you assumed it was.  Look at it again - it is saying that we do have a key for this server of type DSA, but the client is receiving one of type RSA, etc.
> >
> > The keys are the same - they have not changed at all - they are just being presented to clients in the reverse order, which is confusing them and breaking automated, key-based login.
> >
> > I need to take current ssh server behavior (rsa, then dss) and change it back to the old order (dss, then rsa).
>
> Have you attempted to change that order via sshd_config and placing the DSA directive before the RSA one?


sshd_config has no such config directive.  ssh_config does, but that's for clients, and I have no way to interact with the clients.

It would indeed be very nice if this key order, which seems like a prime candidate for configuration, was a configurable option in sshd_config, but it is not.

I am fairly certain that I need to hack up some source files, and I thought I had it with myproposal.h (see link in OP) but there must be more, because that small change does not fix things...

