Date: Sat, 13 Nov 1999 01:34:16 +0100 From: Ollivier Robert <roberto@keltia.freenix.fr> To: Niels Provos <provos@citi.umich.edu> Cc: freebsd-ports@freebsd.org, markus@openbsd.org Subject: Re: Weird problem with OpenSSH Message-ID: <19991113013416.A61292@keltia.freenix.fr> In-Reply-To: <199911121955.OAA18322@india.citi.umich.edu> References: <199911121955.OAA18322@india.citi.umich.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
According to Niels Provos: > This means that the key on freefall has been generated with a buggy > version of ssh-keygen that pretended to create a 1024 bit key but only > created a 1023 bit one. ssh-1.2.27 is lying about key sizes because > it never checks them, whereas OpenSSH does. freefall is running 1.2.26 but the key was generated far before that of course. > In your case I presume the following happened, the key for freefall > changed, and you used OpenSSH for the first time. When OpenSSH receives > the public key from the server it notices: Not between my two runs, one with 1.2.27 and the other with OpenSSH. > 1. the key in known_hosts labeled freefall.freebsd.org is different > from the one that I just received That's not it. ssh 1.2.27 has no problem connecting. > DNS spoofing might be happening. This is also true if there > is no entry for the IP address itself, which can happen when > you didnt use OpenSSH before. Hmmm, that may be this "feature". ssh doesn't record both IP and name whereas OpenSSH does (I've always wondered by ssh doesn't do it automatically...). Thanks, -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #75: Tue Nov 2 21:03:12 CET 1999 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991113013416.A61292>