Date: Sun, 11 Mar 2001 22:07:31 -0800 (PST)
From: seraf@2600.com
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/25723: OpenSSH on 4.2 excessively regenerates RSA host key
Message-ID: <200103120607.f2C67VE40280@freefall.freebsd.org>

>Number:         25723
>Category:       bin
>Synopsis:       OpenSSH on 4.2 excessively regenerates RSA host key
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 11 22:10:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Dominick LaTrappe
>Release:        4.2-20010212-STABLE
>Organization:
>Environment:
FreeBSD pocks.tdl-m.sambuca 4.2-20010212-STABLE FreeBSD 4.2-20010212-STABLE #4: Wed Feb 13 08:09:25 UTC 2001 sysbuild@protopocks.tdl.dev.sambuca :/usr/src/sys/compile/POCKS_M i386

>Description:
When an SSH-2 session is started with FreeBSD 4.2's sshd in "Protocol 1,2" mode (i.e., accepting both SSH-1 and SSH-2 protocols), sshd maintains an RSA host key for use with SSH-1. The life of this key, ONCE IT HAS BEEN USED, is controlled by "KeyRegenerationInterval". However, when an SSH-2 connection is established, which does not utilize said key, said key is considered "used" anyway, increasing the number of key regenerations unnecessarily.

>How-To-Repeat:
/etc/ssh/sshd_config contains "Protocols 1,2" and "KeyRegenerationInterval 1" (to make the bug dramatic ;-). Enter: "ssh -2 somebody@localhost" and then examine your sshd logs. You will see that each time an SSH-2 connection is formed, the SSH-1 RSA host key regenerates unnecessarily.

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
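
A simplified model of the behaviour the report describes, added here as an illustration; it is not sshd source and not part of the original message. It assumes the SSH-1 RSA key is regenerated once, one interval after it is first marked used, and compares marking on every connection with marking on SSH-1 connections only; the function name, the timeline and the 10-second interval are constructed.

```c
#include <stdio.h>
#include <stddef.h>

/* One accepted connection: arrival time in seconds and SSH protocol (1 or 2). */
struct conn { int t; int proto; };

/* Constructed sample timeline, sorted by time: five SSH-2 sessions, one SSH-1. */
static const struct conn SAMPLE[] = {
    {0, 2}, {5, 2}, {20, 2}, {40, 1}, {45, 2}, {70, 2}
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/*
 * Count regenerations of the SSH-1 RSA key between t=0 and end_time.
 * Assumed rule (taken from the report's description, not from sshd.c):
 * the first connection that marks the key "used" starts a timer of
 * `interval` seconds; when it expires the key is regenerated and the
 * mark is cleared.
 *   mark_on_any != 0: any connection marks the key used (reported behaviour)
 *   mark_on_any == 0: only SSH-1 connections mark it used (expected behaviour)
 */
int count_regens(const struct conn *c, size_t n, int interval,
                 int mark_on_any, int end_time)
{
    int used = 0, deadline = 0, regens = 0;
    size_t i = 0;

    for (int now = 0; now <= end_time; now++) {
        if (used && now >= deadline) {      /* timer expired: regenerate */
            regens++;
            used = 0;
        }
        for (; i < n && c[i].t <= now; i++) {
            int touches_key = mark_on_any || c[i].proto == 1;
            if (touches_key && !used) {     /* first use starts the timer */
                used = 1;
                deadline = now + interval;
            }
        }
    }
    return regens;
}

int main(void)
{
    printf("mark on any connection: %d regenerations\n",
           count_regens(SAMPLE, SAMPLE_LEN, 10, 1, 100));
    printf("mark on SSH-1 only:     %d regenerations\n",
           count_regens(SAMPLE, SAMPLE_LEN, 10, 0, 100));
    return 0;
}
```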