From owner-freebsd-bugs Sun Mar 11 22:10: 9 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 1764637B71D
	for ; Sun, 11 Mar 2001 22:10:02 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f2C6A2l40670;
	Sun, 11 Mar 2001 22:10:02 -0800 (PST)
	(envelope-from gnats)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 55FBC37B719
	for ; Sun, 11 Mar 2001 22:07:31 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f2C67VE40280;
	Sun, 11 Mar 2001 22:07:31 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200103120607.f2C67VE40280@freefall.freebsd.org>
Date: Sun, 11 Mar 2001 22:07:31 -0800 (PST)
From: seraf@2600.com
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: bin/25723: OpenSSH on 4.2 excessively regenerates RSA host key
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         25723
>Category:       bin
>Synopsis:       OpenSSH on 4.2 excessively regenerates RSA host key
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 11 22:10:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Dominick LaTrappe
>Release:        4.2-20010212-STABLE
>Organization:
>Environment:
FreeBSD pocks.tdl-m.sambuca 4.2-20010212-STABLE FreeBSD 4.2-20010212-STABLE #4: Wed Feb 13 08:09:25 UTC 2001 sysbuild@protopocks.tdl.dev.sambuca :/usr/src/sys/compile/POCKS_M i386
>Description:
When an SSH-2 session is started with FreeBSD 4.2's sshd in
"Protocol 1,2" mode (i.e., accepting both SSH-1 and SSH-2 protocols),
sshd maintains an RSA host key for use with SSH-1.
The life of this key, ONCE IT HAS BEEN USED, is controlled by
"KeyRegenerationInterval".  However, when an SSH-2 connection is
established, which does not utilize said key, said key is considered
"used" anyway, increasing the number of key regenerations unnecessarily.
>How-To-Repeat:
/etc/ssh/sshd_config contains "Protocols 1,2" and
"KeyRegenerationInterval 1" (to make the bug dramatic ;-).  Enter:
"ssh -2 somebody@localhost" and then examine your sshd logs.  You will
see that each time an SSH-2 connection is formed, the SSH-1 RSA host key
regenerates unnecessarily.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
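
The "used" flag behaviour described in this report, as a simplified model added here; it is not OpenSSH source and not part of the original message. The struct, enum and function names, the timer handling (regeneration is due one interval after the key is first marked used) and the connection trace are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model (an assumption, not sshd source): the SSH-1 key is
 * regenerated `interval` seconds after it is first marked "used". */
struct conn { long t; int proto; };   /* arrival time in seconds, SSH protocol 1 or 2 */

enum policy {
    MARK_ON_ANY_CONNECTION,   /* behaviour reported in the PR */
    MARK_ON_SSH1_ONLY         /* hypothetical corrected behaviour */
};

/* Count key regenerations up to `horizon` for connections sorted by time. */
long count_regenerations(const struct conn *c, size_t n, long interval,
                         long horizon, enum policy p)
{
    long regens = 0;
    long due = -1;            /* pending regeneration time, -1 = key unused */

    for (size_t i = 0; i < n; i++) {
        if (due >= 0 && due <= c[i].t) {   /* timer fired before this connection */
            regens++;
            due = -1;                      /* fresh key, not yet used */
        }
        int marks_key = (p == MARK_ON_ANY_CONNECTION) || (c[i].proto == 1);
        if (marks_key && due < 0)
            due = c[i].t + interval;       /* first use arms the timer */
    }
    if (due >= 0 && due <= horizon)        /* timer still pending at the end */
        regens++;
    return regens;
}

/* Constructed trace: four SSH-2 logins and one SSH-1 login. */
static const struct conn trace[] = {
    {0, 2}, {10, 2}, {20, 2}, {30, 1}, {40, 2}
};

int main(void)
{
    size_t n = sizeof trace / sizeof trace[0];
    printf("mark on any connection: %ld regenerations\n",
           count_regenerations(trace, n, 5, 60, MARK_ON_ANY_CONNECTION));
    printf("mark on SSH-1 only:     %ld regenerations\n",
           count_regenerations(trace, n, 5, 60, MARK_ON_SSH1_ONLY));
    return 0;
}
```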