Date: Thu, 17 May 2012 14:17:03 -0700 (PDT)
From: Jason Usher <jusher71@yahoo.com>
To: freebsd-hackers@freebsd.org
Subject: Need to revert behavior of OpenSSH to the old key order ...
Message-ID: <1337289423.15300.YahooMailClassic@web122503.mail.ne1.yahoo.com>

I have some old 6.x FreeBSD systems that need their OpenSSH upgraded.

Everything goes just fine, but when I am done, existing clients are now presented with this message:

WARNING: DSA key found for host hostname
in /root/.ssh/known_hosts:12
DSA key fingerprint 4c:29:4b:6e:b8:6b:fa:49.......

The authenticity of host 'hostname (10.1.2.3)' can't be established
but keys of different type are already known for this host.
RSA key fingerprint is a3:22:3d:cf:f2:46:09:f2......
Are you sure you want to continue connecting (yes/no)

And as you can imagine, existing automated jobs now all fail.

I have no control over the clients. Assume the clients cannot be touched at all.

So, the good news is, this appears to have been discussed/documented here:

http://www.mail-archive.com/bugs@crater.dragonflybsd.org/msg04860.html

... but I'm afraid that changing that line in myproposal.h BACK TO ssh-dss,ssh-rsa does not solve the problem. I did indeed make that change to myproposal.h, manually, and then built the openssh-portable port, but the behavior persists.

If I simply REMOVE the RSA keys, the error goes away, and existing DSA-using clients no longer bomb out, but this is NOT a good solution for two reasons:

1. anytime I HUP, or start sshd, it's going to create new RSA keys for me

2. It's possible that some clients out there really have been using RSA all along (who knows) and now they are completely broken, since RSA is not there at all.

I'm more than happy to muck around in the source with further little edits, just like I did with myproposal.h, but I have no idea what they would be.

Can anyone help me "make new ssh behave like old one" ?

Thanks.
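An added example, not part of the original message and not OpenSSH code: a small model of host key algorithm selection as RFC 4253 section 7.1 specifies it, where the first entry on the client's list that the server supports is chosen. The function names are hypothetical, and the client preference order and known_hosts contents are constructed assumptions; under them the three server configurations give the outcomes the message reports.

```python
# Added illustration: host key algorithm selection per RFC 4253, section 7.1.
# Function names are hypothetical; all inputs below are constructed.

def negotiate_host_key_alg(client_prefs, server_prefs, server_host_keys):
    """Return the host key algorithm both sides settle on, or None.

    RFC 4253 7.1: the first algorithm on the *client's* name-list that the
    server also supports is chosen. (The RFC's extra condition that the
    algorithm suit the chosen key exchange method is left out here.)
    """
    # A server only advertises algorithms it actually holds a host key for.
    offered = [a for a in server_prefs if a in server_host_keys]
    for alg in client_prefs:
        if alg in offered:
            return alg
    return None

def client_reaction(alg, known_hosts_types):
    """Classify what a client holding these known_hosts key types would do."""
    if alg is None:
        return "no-common-algorithm"
    if alg in known_hosts_types:
        return "ok"
    if known_hosts_types:
        return "different-key-type-warning"
    return "unknown-host-prompt"

# Assumption: the untouched clients list ssh-rsa first and have only the
# server's DSA key on record.
CLIENT_PREFS = ["ssh-rsa", "ssh-dss"]
KNOWN_HOSTS = {"ssh-dss"}

def scenarios():
    both = {"ssh-rsa", "ssh-dss"}
    cases = {
        "server lists ssh-rsa first, both keys": (["ssh-rsa", "ssh-dss"], both),
        "server lists ssh-dss first, both keys": (["ssh-dss", "ssh-rsa"], both),
        "RSA host key removed": (["ssh-rsa", "ssh-dss"], {"ssh-dss"}),
    }
    out = {}
    for name, (prefs, keys) in cases.items():
        alg = negotiate_host_key_alg(CLIENT_PREFS, prefs, keys)
        out[name] = (alg, client_reaction(alg, KNOWN_HOSTS))
    return out

if __name__ == "__main__":
    for name, (alg, reaction) in scenarios().items():
        print(f"{name:40} -> {alg:8} {reaction}")
```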