Date: Thu, 17 May 2012 16:26:38 -0700 (PDT)
From: Jason Usher <jusher71@yahoo.com>
To: Jason Hellenthal <jhellenthal@dataix.net>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Need to revert behavior of OpenSSH to the old key order ...
Message-ID: <1337297198.76003.YahooMailClassic@web122503.mail.ne1.yahoo.com>
In-Reply-To: <20120517232238.GA91365@DataIX.net>

--- On Thu, 5/17/12, Jason Hellenthal <jhellenthal@dataix.net> wrote:

> > That is not the standard "key mismatch" error that you assumed it was.
> > Look at it again - it is saying that we do have a key for this server
> > of type DSA, but the client is receiving one of type RSA, etc.
> >
> > The keys are the same - they have not changed at all - they are just
> > being presented to clients in the reverse order, which is confusing
> > them and breaking automated, key-based login.
> >
> > I need to take current ssh server behavior (rsa, then dss) and change
> > it back to the old order (dss, then rsa).
>
> Have you attempted to change that order via sshd_config and placing the
> DSA directive before the RSA one?

sshd_config has no such config directive. ssh_config does, but that's for clients, and I have no way to interact with the clients.

It would indeed be very nice if this key order, which seems like a prime candidate for configuration, was a configurable option in sshd_config, but it is not.

I am fairly certain that I need to hack up some source files, and I thought I had it with myproposal.h (see link in OP) but there must be more, because that small change does not fix things...
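
An added example (not from the thread and not OpenSSH code): host-key algorithm selection as RFC 4253 section 7.1 specifies it, checked against a known_hosts file that holds only a DSA key, which reproduces the type-mismatch symptom described in the message. The host name, name-lists and key blob are constructed, and the sketch does not model how any particular OpenSSH release builds its lists.

```python
# Added example: host-key algorithm choice per RFC 4253 section 7.1.
# All hosts, name-lists and key blobs here are constructed sample data.

KNOWN_HOSTS = """\
# constructed entry; the blob is a placeholder, not a real key
backup.example.org,192.0.2.10 ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER
"""

def negotiate_hostkey_alg(client_list, server_list):
    # RFC 4253 s7.1: the first algorithm on the client's name-list that the
    # server also lists is chosen. The kex method's signature/encryption
    # capability requirements are left out of this sketch.
    for alg in client_list:
        if alg in server_list:
            return alg
    return None  # no common algorithm

def parse_known_hosts(text):
    # Map host name -> {key type: base64 blob}. Comments, blank lines,
    # @markers and hashed host entries are skipped for brevity.
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@", "|")):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, key_type, blob = fields[:3]
        for host in hosts.split(","):
            table.setdefault(host, {})[key_type] = blob
    return table

def check_host(host, client_list, server_list, known):
    # Report which stored key (if any) the negotiated algorithm is checked against.
    alg = negotiate_hostkey_alg(client_list, server_list)
    if alg is None:
        return "no-common-algorithm"
    stored = known.get(host, {})
    if not stored:
        return "unknown-host"
    if alg in stored:
        return "compare:" + alg
    return "type-mismatch: stored %s, offered %s" % (",".join(sorted(stored)), alg)

if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    for client in (["ssh-rsa", "ssh-dss"], ["ssh-dss", "ssh-rsa"]):  # assumed lists
        print(client, check_host("backup.example.org", client,
                                 ["ssh-rsa", "ssh-dss"], known))
```

The second client list is the preference a client-side `HostKeyAlgorithms` setting in ssh_config would express.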