security/openssh-portable line # 82 of rc.d/openssh generates DSA not ECDSA

Sunpoet Po-Chuan Hsieh sunpoet at FreeBSD.org
Sun Jun 24 17:52:38 UTC 2012


On Mon, Jun 25, 2012 at 1:17 AM, J. Hellenthal <jhellenthal at dataix.net> wrote:
>
> As stated in the subject
>
> if [ -f /usr/local/etc/ssh/ssh_host_ecdsa_key ]; then
>        echo "You already have a Elliptic Curve DSA host key" \
>                "in /usr/local/etc/ssh/ssh_host_ecdsa_key"
>        echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
> else
>        /usr/local/bin/ssh-keygen -t dsa \
>                -f /usr/local/etc/ssh/ssh_host_ecdsa_key -N ''
> fi
>
>
> Specifically "/usr/local/bin/ssh-keygen -t dsa" needs to be changed to
> "-t ecdsa" to be correct. Otherwise we are just reimplementing a DSA key
> in a different file.
>
> --
>
>  - (2^(N-1))

Committed. Thanks!
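
A check for the condition reported above (a file named for one key type that holds another), as an added example that is not part of the thread or of the port: it compares the type field of each host public key with the type implied by its file name. The function names and the sample keys are constructed for illustration, and RSA and DSA file names are covered in addition to the ECDSA case from the report.

```sh
#!/bin/sh
# Added example, not the port's code: function names are hypothetical.

# Type prefix that the contents of a host public-key file must start with.
expected_prefix() {
    case "$1" in
        ssh_host_rsa_key.pub)   echo "ssh-rsa" ;;
        ssh_host_dsa_key.pub)   echo "ssh-dss" ;;
        ssh_host_ecdsa_key.pub) echo "ecdsa-sha2-" ;;
        *) return 1 ;;
    esac
}

# check_host_key FILE: returns 0 = match, 1 = mismatch, 2 = cannot check.
check_host_key() {
    pub=$1
    if [ ! -r "$pub" ]; then echo "SKIP $pub (unreadable)"; return 2; fi
    if ! want=$(expected_prefix "$(basename "$pub")"); then
        echo "SKIP $pub (unrecognised name)"; return 2
    fi
    # The first field of a public key line names the key type.
    read -r have rest < "$pub" || :
    case "$have" in
        "$want"*) echo "OK $pub ($have)"; return 0 ;;
        *) echo "MISMATCH $pub: expected $want*, found ${have:-nothing}"; return 1 ;;
    esac
}

# audit_dir DIR: check every ssh_host_*_key.pub; returns 1 if any is mislabelled.
audit_dir() {
    bad=0
    for f in "$1"/ssh_host_*_key.pub; do
        [ -e "$f" ] || continue
        st=0; check_host_key "$f" || st=$?
        if [ "$st" -eq 1 ]; then bad=1; fi
    done
    return "$bad"
}

# Constructed sample: a correct RSA key and the mislabelled file the bug leaves.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    echo "ssh-rsa AAAA-constructed-placeholder root@example" > "$d/ssh_host_rsa_key.pub"
    echo "ssh-dss AAAA-constructed-placeholder root@example" > "$d/ssh_host_ecdsa_key.pub"
    echo "$d"
}

sample=$(make_sample_dir) && { audit_dir "$sample" || echo "at least one host key is mislabelled"; rm -rf "$sample"; }
```

On a real system, `audit_dir /usr/local/etc/ssh` runs the same check against the directory used in the report.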

