security/openssh-portable line # 82 of rc.d/openssh generates DSA not ECDSA
Robert Simmons
rsimmons0 at gmail.com
Sun Jun 24 17:46:21 UTC 2012
On Sun, Jun 24, 2012 at 1:17 PM, J. Hellenthal <jhellenthal at dataix.net> wrote:
>
> As stated in the subject
>
> if [ -f /usr/local/etc/ssh/ssh_host_ecdsa_key ]; then
> echo "You already have a Elliptic Curve DSA host key" \
> "in /usr/local/etc/ssh/ssh_host_ecdsa_key"
> echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
> else
> /usr/local/bin/ssh-keygen -t dsa \
> -f /usr/local/etc/ssh/ssh_host_ecdsa_key -N ''
> fi
>
>
> Specifically "/usr/local/bin/ssh-keygen -t dsa" needs to be changed to
> "-t ecdsa" to be correct. Otherwise we are just reimplementing a DSA key
> in a different file.

Good eye. I'm in the process of updating that port to 6.0p1. There
are quite a lot of local patches that are part of the port. At the
moment I'm muddling through what they do and whether they can be
removed or not. I didn't even notice this problem.

I've attached a pair of patches that correct this problem. Open a PR
about this, and you can attach these patches to it. I'm not the
maintainer nor do I have commit privileges, but if you open a PR, I'm
sure someone will make the change.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Makefile.diff
Type: application/octet-stream
Size: 335 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20120624/8e6fa81e/Makefile.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh.in.diff
Type: application/octet-stream
Size: 455 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20120624/8e6fa81e/openssh.in.obj
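
A check for hosts that already ran the rc.d line quoted above, as an added example that is not part of the original message or of the port: it compares the algorithm field of each host public key with the algorithm its file name claims. The function names and the sample key lines are assumptions made for this example; the sample blobs are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Algorithm prefix a host public key should carry, derived from its file name.
expected_type() {
    case "$1" in
        *ssh_host_ecdsa_key.pub) echo "ecdsa-sha2-" ;;
        *ssh_host_dsa_key.pub)   echo "ssh-dss" ;;
        *ssh_host_rsa_key.pub)   echo "ssh-rsa" ;;
        *) return 1 ;;
    esac
}

# check_pubkey FILE: 0 = type matches name, 1 = mismatch, 2 = cannot decide.
check_pubkey() {
    want=$(expected_type "$1") || { echo "SKIP $1 (unrecognised name)"; return 2; }
    have=""
    read -r have _rest < "$1" || :   # first field of a .pub file is the algorithm
    [ -n "$have" ] || { echo "SKIP $1 (unreadable or empty)"; return 2; }
    case "$have" in
        "$want"*) echo "OK $1 ($have)" ;;
        *) echo "MISMATCH $1: expected $want*, found $have"; return 1 ;;
    esac
}

# audit_dir DIR: check every ssh_host_*_key.pub in DIR; non-zero on any mismatch.
audit_dir() {
    bad=0
    for pub in "$1"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        check_pubkey "$pub" || [ $? -ne 1 ] || bad=1
    done
    return "$bad"
}

# Constructed sample (placeholder blobs, not real keys): the ecdsa file holds a
# DSA key, which is what the rc.d line quoted above produces.
demo=$(mktemp -d)
echo "ssh-dss CONSTRUCTED-PLACEHOLDER root@host" > "$demo/ssh_host_ecdsa_key.pub"
echo "ssh-rsa CONSTRUCTED-PLACEHOLDER root@host" > "$demo/ssh_host_rsa_key.pub"
audit_dir "${1:-$demo}" || echo "at least one host key has the wrong type"
rm -rf "$demo"
```

Pass `/usr/local/etc/ssh` as the first argument to audit the port's key directory. The check reads the `.pub` files only; `ssh-keygen -y -f <private key>` prints the public key derived from the private key if the `.pub` file may be stale.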