From: Jason Usher
To: Jason Hellenthal
Cc: freebsd-hackers@freebsd.org
Date: Thu, 17 May 2012 16:26:38 -0700 (PDT)
Subject: Re: Need to revert behavior of OpenSSH to the old key order ...
List-Id: Technical Discussions relating to FreeBSD

--- On Thu, 5/17/12, Jason Hellenthal wrote:

> > That is not the standard "key mismatch" error that you assumed it was. Look at it again - it is saying that we do have a key for this server of type DSA, but the client is receiving one of type RSA, etc.
> >
> > The keys are the same - they have not changed at all - they are just being presented to clients in the reverse order, which is confusing them and breaking automated, key-based login.
> >
> > I need to take current ssh server behavior (rsa, then dss) and change it back to the old order (dss, then rsa).
>
> Have you attempted to change that order via sshd_config and placing the DSA directive before the RSA one?

sshd_config has no such config directive. ssh_config does, but that's for clients, and I have no way to interact with the clients.

It would indeed be very nice if this key order, which seems like a prime candidate for configuration, was a configurable option in sshd_config, but it is not.

I am fairly certain that I need to hack up some source files, and I thought I had it with myproposal.h (see link in OP) but there must be more, because that small change does not fix things...