security/openssh-portable line # 82 of rc.d/openssh generates DSA not ECDSA

J. Hellenthal jhellenthal at dataix.net
Sun Jun 24 17:17:58 UTC 2012


As stated in the subject

if [ -f /usr/local/etc/ssh/ssh_host_ecdsa_key ]; then
	echo "You already have a Elliptic Curve DSA host key" \
		"in /usr/local/etc/ssh/ssh_host_ecdsa_key"
	echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
else
	/usr/local/bin/ssh-keygen -t dsa \
		-f /usr/local/etc/ssh/ssh_host_ecdsa_key -N ''
fi


Specifically "/usr/local/bin/ssh-keygen -t dsa" needs to be changed to
"-t ecdsa" to be correct. Otherwise we are just reimplementing a DSA key
in a different file.

-- 

 - (2^(N-1))
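An added example, not part of the original message or of the port's rc.d script: hosts where the snippet above already ran have a DSA key stored under the ECDSA file name, and this check finds them by comparing the key type in each `.pub` file with the type its name implies. The function names and the sample files are assumptions constructed for illustration; on a real host, point `scan_dir` at `/usr/local/etc/ssh`.

```sh
#!/bin/sh
# Added example: flag host public keys whose key type does not match
# the algorithm their file name implies.

# Key-type prefix implied by a host public key file name.
expected_prefix() {
    case "$(basename "$1")" in
        ssh_host_dsa_key.pub)   echo "ssh-dss" ;;
        ssh_host_ecdsa_key.pub) echo "ecdsa-sha2-" ;;
        ssh_host_rsa_key.pub)   echo "ssh-rsa" ;;
        *) return 1 ;;
    esac
}

# Returns 0 on match, 1 on mismatch, 2 if the file is unknown or unreadable.
check_host_key() {
    want=$(expected_prefix "$1") || return 2
    [ -r "$1" ] || return 2
    have=
    # Field 1 of a public key line is the key type.
    read -r have _rest < "$1" || [ -n "$have" ] || return 2
    case "$have" in
        "$want"*) return 0 ;;
    esac
    echo "MISMATCH: $1 holds '$have', expected '$want*'" >&2
    return 1
}

# Prints the number of mismatched host keys found in directory $1.
scan_dir() {
    bad=0
    for f in "$1"/ssh_host_*_key.pub; do
        [ -e "$f" ] || continue
        rc=0
        check_host_key "$f" || rc=$?
        if [ "$rc" -eq 1 ]; then bad=$((bad + 1)); fi
    done
    echo "$bad"
}

# Constructed sample files; the key blob is a placeholder, not a real key.
make_samples() {
    echo "ssh-dss AAAA_constructed root@example" > "$1/ssh_host_dsa_key.pub"
    # Result of "-t dsa -f ssh_host_ecdsa_key": a DSA key under the ECDSA name.
    echo "ssh-dss AAAA_constructed root@example" > "$1/ssh_host_ecdsa_key.pub"
    echo "ssh-rsa AAAA_constructed root@example" > "$1/ssh_host_rsa_key.pub"
}

demo=$(mktemp -d) && make_samples "$demo" && scan_dir "$demo"; rm -rf "$demo"
```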