Need to revert behavior of OpenSSH to the old key order ...

Jason Usher jusher71 at yahoo.com
Thu May 17 23:01:59 UTC 2012



--- On Thu, 5/17/12, Garrett Cooper <yanegomi at gmail.com> wrote:

> > ... but I'm afraid that changing that line in myproposal.h BACK TO ssh-dss,ssh-rsa does not solve the problem.  I did indeed make that change to myproposal.h, manually, and then build the openssh-portable port, but the behavior persists.
> >
> > If I simply REMOVE the RSA keys, the error goes away, and existing DSA-using clients no longer bomb out, but this is NOT a good solution for two reasons:
> >
> > 1. anytime I HUP, or start sshd, it's going to create new RSA keys for me
> >
> > 2. It's possible that some clients out there really have been using RSA all along (who knows) and now they are completely broken, since RSA is not there at all.
> >
> > I'm more than happy to muck around in the source with further little edits, just like I did with myproposal.h, but I have no idea what they would be.
> >
> > Can anyone help me "make new ssh behave like old one"?
> 
> You can probably issue an option via -o with ssh to skip the
> prompt (see ssh_config… maybe there's something in there
> that can help you). No, I'm not referring to
> StrictHostKeyChecking either :).


That's on the client side.

I don't have access to the clients.  I have no way to interact with the clients at all.

I need a way to configure (or patch) the OpenSSH server such that it presents keys in the same order (first DSS, then RSA) as it used to.

Anyone?

