Need to revert behavior of OpenSSH to the old key order ...
Jason Usher
jusher71 at yahoo.com
Mon May 21 21:28:19 UTC 2012
--- On Mon, 5/21/12, Garance A Drosehn <gad at FreeBSD.org> wrote:
> But have you tried it in this order ?
>
> HostKey /usr/local/etc/ssh/ssh_host_key
> HostKey
> /usr/local/etc/ssh/ssh_host_dsa_key
> HostKey
> /usr/local/etc/ssh/ssh_host_rsa_key
> HostKey
> /usr/local/etc/ssh/ssh_host_ecdsa_key
>
> Which is to say, have your sshd_config file list multiple
> hostkey's, and then restart sshd after making that change?
> I tried a similar change and it seemed to have some effect
> on what clients saw when connecting, but I can't tell if
> it has the effect that you want.
The order of HostKey directives in sshd_config does not change the actual order. In newer implementations, RSA is provided first, no matter how you configure the sshd_config.
As I mentioned before, removing RSA completely is sort of a fix, but I can't do that because some people might actually be explicitly using RSA, and they would all break.
Anyone ?
More information about the freebsd-hackers
mailing list