Date: Mon, 14 May 2001 00:00:28 +0200 From: Thomas Quinot <thomas@cuivre.fr.eu.org> To: Peter Wemm <peter@wemm.org> Cc: hackers@FreeBSD.ORG Subject: Re: SSH Must Die Message-ID: <20010514000028.B59747@melusine.cuivre.fr.eu.org> In-Reply-To: <20010513212429.EE3FD380C@overcee.netplex.com.au>; from peter@wemm.org on Sun, May 13, 2001 at 02:24:29PM -0700 References: <Pine.BSF.4.31.0105131544060.52994-100000@achilles.silby.com> <20010513212429.EE3FD380C@overcee.netplex.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Le 2001-05-13, Peter Wemm écrivait :
> The simplest thing is to do a ssh-keygen to generate a new RSA key and
> update ~/.ssh/authorized_keys2 once per remote machine that you connect
> to. Once that is done, it never bothers you again. You can change
> /etc/ssh/ssh_config so that it says 'Protocol 1,2', but that is avoiding
> the problem rather than using the more robust, cryptographically secure
> sshv2 wire protocol.
Ah. This seems to work around the very unfortunate situation described in
PR bin/27264. It seems very strange that one has to change the setup
on the *server* side to work around a regression on the client side.
Why cannot one use the same RSA public key for v1 and v2 client
authentication?
Thomas.
--
Thomas.Quinot@Cuivre.FR.EU.ORG
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010514000028.B59747>