Date: Sun, 24 Jun 2012 14:24:52 -0400
From: "J. Hellenthal" <jhellenthal@dataix.net>
To: Robert Simmons <rsimmons0@gmail.com>
Cc: ports@freebsd.org
Subject: Re: security/openssh-portable line # 82 of rc.d/openssh generates DSA not ECDSA
Message-ID: <20120624182452.GB4715@DataIX.net>
In-Reply-To: <CA%2BQLa9Av=G98qc1jh00M6u2TBLsG0k0TLS2ujk1YnWTV9TyVFQ@mail.gmail.com>
References: <20120624171753.GA15646@DataIX.net> <CA%2BQLa9Av=G98qc1jh00M6u2TBLsG0k0TLS2ujk1YnWTV9TyVFQ@mail.gmail.com>

On Sun, Jun 24, 2012 at 01:46:20PM -0400, Robert Simmons wrote:
> On Sun, Jun 24, 2012 at 1:17 PM, J. Hellenthal <jhellenthal@dataix.net> wrote:
> >
> > As stated in the subject
> >
> > if [ -f /usr/local/etc/ssh/ssh_host_ecdsa_key ]; then
> >     echo "You already have a Elliptic Curve DSA host key" \
> >         "in /usr/local/etc/ssh/ssh_host_ecdsa_key"
> >     echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
> > else
> >     /usr/local/bin/ssh-keygen -t dsa \
> >         -f /usr/local/etc/ssh/ssh_host_ecdsa_key -N ''
> > fi
> >
> >
> > Specifically "/usr/local/bin/ssh-keygen -t dsa" needs to be changed to
> > "-t ecdsa" to be correct. Otherwise we are just reimplementing a DSA key
> > in a different file.
>
> Good eye. I'm in the process of updating that port to 6.0p1. There
> are quite a lot of local patches that are part of the port. At the
> moment I'm muddling through what they do and whether they can be
> removed or not. I didn't even notice this problem.
>
> I've attached a pair of patches that correct this problem. Open a PR
> about this, and you can attach these patches to it. I'm not the
> maintainer nor do I have commit privileges, but if you open a PR, I'm
> sure someone will make the change.

Should have also said the changes were already committed.

> _______________________________________________
> freebsd-ports@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"

--

 - (2^(N-1))
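
A host that ran the rc.d script quoted above holds a DSA key under the ECDSA filename. The following check is an added example, not part of the original message or the port: it compares the algorithm named in each host public key with the type its filename implies. The function names and the `--demo` flag are hypothetical, and it assumes the `.pub` files that `ssh-keygen` writes beside each private key are still present.

```shell
# Algorithm prefix implied by an ssh_host_<type>_key.pub filename.
expected_prefix() {
    case "$1" in
        ssh_host_rsa_key.pub)     echo "ssh-rsa" ;;
        ssh_host_dsa_key.pub)     echo "ssh-dss" ;;
        ssh_host_ecdsa_key.pub)   echo "ecdsa-sha2-" ;;
        ssh_host_ed25519_key.pub) echo "ssh-ed25519" ;;
        *) return 1 ;;
    esac
}

# Returns 0 on match, 1 on mismatch, 2 if the file is unreadable or unknown.
check_hostkey() {
    file=$1
    want=$(expected_prefix "$(basename "$file")") || { echo "SKIP $file"; return 2; }
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 2; }
    # The first field of a public key line names the key algorithm.
    algo=$(awk 'NR == 1 { print $1 }' "$file")
    case "$algo" in
        "$want"*) echo "OK $file ($algo)"; return 0 ;;
        *) echo "MISMATCH $file: expected ${want}*, found ${algo:-nothing}"; return 1 ;;
    esac
}

# Checks every host public key in a directory; returns 0 only if none mismatch.
audit_dir() {
    dir=$1; bad=0
    for f in "$dir"/ssh_host_*_key.pub; do
        [ -e "$f" ] || continue
        rc=0; check_hostkey "$f" || rc=$?
        if [ "$rc" -eq 1 ]; then bad=$((bad + 1)); fi
    done
    echo "$bad mismatched host key(s) in $dir"
    [ "$bad" -eq 0 ]
}

# Constructed sample reproducing the bug: a DSA key under the ECDSA name.
demo() {
    tmp=$(mktemp -d)
    echo "ssh-dss AAAA-constructed-sample root@example" > "$tmp/ssh_host_ecdsa_key.pub"
    status=0; audit_dir "$tmp" || status=$?
    rm -rf "$tmp"; return "$status"
}

case "${1:-}" in
    "") ;;
    --demo) demo ;;
    *) audit_dir "$1" ;;
esac
```

Run it with the key directory as its argument, for example `/usr/local/etc/ssh` as used in the script above, or with `--demo` to see the mismatch report on the constructed sample.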