From owner-freebsd-ports Fri Nov 12 16:54: 8 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252])
	by hub.freebsd.org (Postfix) with ESMTP id 0B84115094
	for ; Fri, 12 Nov 1999 16:53:48 -0800 (PST)
	(envelope-from roberto@keltia.freenix.fr)
Received: (from uucp@localhost)
	by frmug.org (8.9.3/frmug-2.5/nospam) with UUCP id BAA24715;
	Sat, 13 Nov 1999 01:53:41 +0100 (CET)
	(envelope-from roberto@keltia.freenix.fr)
Received: by keltia.freenix.fr (Postfix, from userid 101)
	id 20B268711; Sat, 13 Nov 1999 01:34:16 +0100 (CET)
Date: Sat, 13 Nov 1999 01:34:16 +0100
From: Ollivier Robert
To: Niels Provos
Cc: freebsd-ports@freebsd.org, markus@openbsd.org
Subject: Re: Weird problem with OpenSSH
Message-ID: <19991113013416.A61292@keltia.freenix.fr>
Mail-Followup-To: Niels Provos , freebsd-ports@freebsd.org, markus@openbsd.org
References: <199911121955.OAA18322@india.citi.umich.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.0pre2i
In-Reply-To: <199911121955.OAA18322@india.citi.umich.edu>
X-Operating-System: FreeBSD 4.0-CURRENT/ELF AMD-K6/200 & 2x PPro/200 SMP
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

According to Niels Provos:
> This means that the key on freefall has been generated with a buggy
> version of ssh-keygen that pretended to create a 1024 bit key but only
> created a 1023 bit one. ssh-1.2.27 is lying about key sizes because
> it never checks them, whereas OpenSSH does.

freefall is running 1.2.26 but the key was generated far before that of course.

> In your case I presume the following happened, the key for freefall
> changed, and you used OpenSSH for the first time. When OpenSSH receives
> the public key from the server it notices:

Not between my two runs, one with 1.2.27 and the other with OpenSSH.

> 1. the key in known_hosts labeled freefall.freebsd.org is different
> from the one that I just received

That's not it. ssh 1.2.27 has no problem connecting.

> DNS spoofing might be happening. This is also true if there
> is no entry for the IP address itself, which can happen when
> you didn't use OpenSSH before.

Hmmm, that may be this "feature". ssh doesn't record both IP and name whereas OpenSSH does (I've always wondered why ssh doesn't do it automatically...).

Thanks,
-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 4.0-CURRENT #75: Tue Nov 2 21:03:12 CET 1999
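The two checks discussed in this message (declared key size versus the real modulus length, and separate entries for host name and IP address) can be reproduced offline with the sketch below. It is an added example, not part of the original mail and not OpenSSH's code; it assumes SSH protocol 1 known_hosts lines of the form `hostnames bits exponent modulus`, and the host names, addresses and moduli are constructed.

```python
"""Audit SSH protocol 1 known_hosts text: key-size lies and missing IP entries."""

def load(text):
    """Map every listed host name or IP to (declared_bits, exponent, modulus)."""
    keys = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"not an SSH1 known_hosts line: {line[:40]!r}")
        entry = (int(fields[1]), int(fields[2]), int(fields[3]))
        for host in fields[0].split(","):
            keys[host] = entry
    return keys

def size_mismatches(keys):
    """Hosts whose declared size differs from the modulus's true bit length."""
    return {h: (bits, n.bit_length())
            for h, (bits, _e, n) in keys.items() if bits != n.bit_length()}

def check_host(keys, name, ip, received):
    """Compare a received (exponent, modulus) with the entries for name and IP."""
    notes = []
    for label in (name, ip):
        stored = keys.get(label)
        if stored is None:
            notes.append(f"no entry for {label}")
        elif stored[1:] != received:
            notes.append(f"key for {label} differs from the one received")
    return notes

# Constructed sample values: not real RSA moduli, only integers of the right size.
N_1023 = (1 << 1022) | 1   # 1023 bits, stored below with a declared size of 1024
N_1024 = (1 << 1023) | 1   # a true 1024-bit value
SAMPLE = f"""# constructed known_hosts content
old.example.org 1024 35 {N_1023}
new.example.org,192.0.2.10 1024 35 {N_1024}
"""

if __name__ == "__main__":
    keys = load(SAMPLE)
    print(size_mismatches(keys))
    print(check_host(keys, "old.example.org", "192.0.2.20", (35, N_1023)))
```

A name-only entry yields the "no entry for the IP" note even when the key itself matches, which is the situation the reply attributes to a known_hosts file written by a client that recorded only the host name.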