From owner-freebsd-security  Fri Mar  8 20:56:42 2002
Delivered-To: freebsd-security@freebsd.org
Received: from d188h80.mcb.uconn.edu (d188h80.mcb.uconn.edu [137.99.188.80])
	by hub.freebsd.org (Postfix) with SMTP id A036737B402
	for <freebsd-security@FreeBSD.ORG>; Fri,  8 Mar 2002 20:56:36 -0800 (PST)
Received: (qmail 10319 invoked by uid 1001); 9 Mar 2002 04:55:37 -0000
Date: Fri, 8 Mar 2002 23:55:37 -0500
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: Brett Glass <brett@lariat.org>
Cc: Jason Sopko <jason@sopko.net>, freebsd-security@FreeBSD.ORG
Subject: Re: openssh 3.1 port broken?
Message-ID: <20020308235536.B10178@cowbert.2y.net>
Reply-To: peter.lai@uconn.edu
References: <20020308114426.29c0d676.damir@voljatel.si> <000601c1c6ae$69dc29d0$1c00a8c0@thematrixhasyou> <4.3.2.7.2.20020308170716.02b7d820@nospam.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <4.3.2.7.2.20020308170716.02b7d820@nospam.lariat.org>; from brett@lariat.org on Fri, Mar 08, 2002 at 05:08:44PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, Mar 08, 2002 at 05:08:44PM -0700, Brett Glass wrote:
> At 07:34 AM 3/8/2002, Jason Sopko wrote:
>   
> >Edit the Makefile in the openssh ports and modify line 106 to the
> >following:
> >
> >${PREFIX}/bin/ssh-keygen -t rsa1 -N "" -f ${PREFIX}/etc/ssh_host_key
> >
> >You just need to add '-t rsa1' to the line, that is all that needs
> >changed. I had the same problem and this worked for me. 
> >
> >///Jason
> 
> Better still, if you're replacing the version in the base install,
> shouldn't you skip the ssh-keygen altogether? Otherwise, every
> client will receive a message suggesting that your system may
> have been compromised..... Not reassuring. And some clients make
> it difficult to update a host key.
> 
> --Brett
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

and furthermore, if you actually used the old keys for any
scripts, they'll be broken. Always back up your
keypairs onto floppies.

-- 
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542 (Room)
860.486.1899 (Lab)
203.206.3784 (Cellphone)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message