From: Thomas Quinot
To: Peter Wemm
Cc: hackers@FreeBSD.ORG
Date: Mon, 14 May 2001 00:00:28 +0200
Subject: Re: SSH Must Die
Message-ID: <20010514000028.B59747@melusine.cuivre.fr.eu.org>
In-Reply-To: <20010513212429.EE3FD380C@overcee.netplex.com.au>

On 2001-05-13, Peter Wemm wrote:

> The simplest thing is to do a ssh-keygen to generate a new RSA key and
> update ~/.ssh/authorized_keys2 once per remote machine that you connect
> to. Once that is done, it never bothers you again. You can change
> /etc/ssh/ssh_config so that it says 'Protocol 1,2', but that is avoiding
> the problem rather than using the more robust, cryptographically secure
> sshv2 wire protocol.

Ah. This seems to work around the very unfortunate situation described in
PR bin/27264. It seems very strange that one has to change the setup on
the *server* side to work around a regression on the client side.

Why cannot one use the same RSA public key for v1 and v2 client
authentication?

Thomas.

-- 
Thomas.Quinot@Cuivre.FR.EU.ORG
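Added example, not part of the original thread: an RSA public key is the same exponent and modulus under both protocols, but a protocol 1 `~/.ssh/authorized_keys` line stores them as decimal text while a protocol 2 `~/.ssh/authorized_keys2` line stores an `ssh-rsa` base64 wire blob. The Python sketch below re-encodes one form into the other. It assumes a v1 line with no leading options field, and the function names and the toy key are constructed for illustration.

```python
import base64
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH-2 wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """SSH-2 wire 'mpint' for a non-negative integer."""
    if value < 0:
        raise ValueError("RSA parameters are non-negative")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    # A set top bit would read as a negative number, so pad with a zero byte.
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)

def parse_v1_line(line: str):
    """Split 'bits exponent modulus [comment]' into (bits, e, n, comment)."""
    fields = line.strip().split(None, 3)
    if len(fields) < 3:
        raise ValueError("expected: bits exponent modulus [comment]")
    # int() raises ValueError if the line starts with an options field.
    bits, e, n = (int(f) for f in fields[:3])
    if n.bit_length() != bits:
        raise ValueError("declared key size does not match the modulus")
    comment = fields[3] if len(fields) == 4 else ""
    return bits, e, n, comment

def v1_to_v2_line(line: str) -> str:
    """Re-encode a protocol 1 public key line as a protocol 2 'ssh-rsa' line."""
    _, e, n, comment = parse_v1_line(line)
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    entry = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return f"{entry} {comment}" if comment else entry

# Constructed toy key (16-bit modulus 251 * 241), far too small for real use.
SAMPLE_V1 = "16 17 60491 user@example"

if __name__ == "__main__":
    print(v1_to_v2_line(SAMPLE_V1))
```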