From owner-freebsd-ports@FreeBSD.ORG Sun Jun 24 19:02:56 2012
Date: Sun, 24 Jun 2012 15:02:53 -0400
From: "J. Hellenthal"
To: Robert Simmons
Cc: ports@freebsd.org
Subject: Re: security/openssh-portable line # 82 of rc.d/openssh generates DSA not ECDSA
Message-ID: <20120624190253.GA20832@DataIX.net>
References: <20120624171753.GA15646@DataIX.net> <20120624182452.GB4715@DataIX.net>

On Sun, Jun 24, 2012 at 02:38:54PM -0400, Robert Simmons wrote:
> On Sun, Jun 24, 2012 at 2:24 PM, J. Hellenthal wrote:
> > On Sun, Jun 24, 2012 at 01:46:20PM -0400, Robert Simmons wrote:
> >> On Sun, Jun 24, 2012 at 1:17 PM, J. Hellenthal wrote:
> >> >
> >> > As stated in the subject
> >> >
> >> > if [ -f /usr/local/etc/ssh/ssh_host_ecdsa_key ]; then
> >> >        echo "You already have a Elliptic Curve DSA host key" \
> >> >                "in /usr/local/etc/ssh/ssh_host_ecdsa_key"
> >> >        echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
> >> > else
> >> >        /usr/local/bin/ssh-keygen -t dsa \
> >> >                -f /usr/local/etc/ssh/ssh_host_ecdsa_key -N ''
> >> > fi
> >> >
> >> >
> >> > Specifically "/usr/local/bin/ssh-keygen -t dsa" needs to be changed to
> >> > "-t ecdsa" to be correct. Otherwise we are just reimplementing a DSA key
> >> > in a different file.
> >>
> >> Good eye.  I'm in the process of updating that port to 6.0p1.  There
> >> are quite a lot of local patches that are part of the port.  At the
> >> moment I'm muddling through what they do and whether they can be
> >> removed or not.  I didn't even notice this problem.
> >>
> >> I've attached a pair of patches that correct this problem.  Open a PR
> >> about this, and you can attach these patches to it.  I'm not the
> >> maintainer nor do I have commit privileges, but if you open a PR, I'm
> >> sure someone will make the change.
> >
> > Should have also said the changes were already committed.
>
> I also want to see what can be pushed upstream. I understand that the
> OpenBSD/OpenSSH people are touchy about outside patches, but I think
> they should at least accept a patch to configure so that FreeBSD's
> native openpty() is detected properly.

Agree'd. openssh-portable team would be the ones to contact.

--
 - (2^(N-1))
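
Added example, not part of the original thread or of the port's rc.d script: a POSIX sh audit for the condition reported above, a host key file whose public half carries a different algorithm than its file name implies. The function names, the temporary directory and the placeholder key blobs are constructed for illustration; only the algorithm-name prefixes (ssh-rsa, ssh-dss, ecdsa-sha2-) are OpenSSH's own.

```shell
#!/bin/sh
# Added example (not the port's code): flag host key files whose contents do
# not match the algorithm their name implies (e.g. DSA in ssh_host_ecdsa_key).

# Algorithm-name prefix that a host public key file should start with.
expected_prefix() {
    case "${1##*/}" in
        ssh_host_rsa_key.pub)   echo "ssh-rsa" ;;
        ssh_host_dsa_key.pub)   echo "ssh-dss" ;;
        ssh_host_ecdsa_key.pub) echo "ecdsa-sha2-" ;;
        *)                      echo "" ;;
    esac
}

# The first field of an OpenSSH public key line is the algorithm name.
key_type_of() {
    awk 'NF >= 2 { print $1; exit }' "$1"
}

# Prints one line per key file; returns 0 only if every known file matches.
audit_host_keys() {
    dir=$1
    status=0
    for pub in "$dir"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        want=$(expected_prefix "$pub")
        got=$(key_type_of "$pub")
        [ -n "$want" ] || { echo "SKIP     $pub (unrecognised name)"; continue; }
        case "$got" in
            "$want"*) echo "OK       $pub ($got)" ;;
            *) echo "MISMATCH $pub: expected ${want}*, found ${got:-nothing}"
               status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample: real algorithm names, placeholder blobs (not valid keys).
make_sample() {
    d=$(mktemp -d)
    echo "ssh-dss CONSTRUCTED-PLACEHOLDER root@host" > "$d/ssh_host_dsa_key.pub"
    # What the rc.d bug leaves behind: DSA material under the ECDSA name.
    echo "ssh-dss CONSTRUCTED-PLACEHOLDER root@host" > "$d/ssh_host_ecdsa_key.pub"
    echo "$d"
}

sample=$(make_sample)
audit_host_keys "$sample" || echo "host key type mismatch found"
rm -rf "$sample"
```

On a host using the port, the directory to audit would be /usr/local/etc/ssh, the path in the quoted script.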