Need to revert behavior of OpenSSH to the old key order ...

Jason Hellenthal jhellenthal at dataix.net
Fri May 18 01:19:08 UTC 2012



On Thu, May 17, 2012 at 04:26:38PM -0700, Jason Usher wrote:
> 
> 
> --- On Thu, 5/17/12, Jason Hellenthal <jhellenthal at dataix.net> wrote:
> 
> > > That is not the standard "key mismatch" error that you
> > assumed it was.? Look at it again - it is saying that
> > we do have a key for this server of type DSA, but the client
> > is receiving one of type RSA, etc.
> > > 
> > > The keys are the same - they have not changed at all -
> > they are just being presented to clients in the reverse
> > order, which is confusing them and breaking automated,
> > key-based login.
> > > 
> > > I need to take current ssh server behavior (rsa, then
> > dss) and change it back to the old order (dss, then rsa).
> > 
> > Have you attempted to change that order via sshd_config and
> > placing the
> > DSA directive before the RSA one ?
> 
> 
> sshd_config has no such config directive.  ssh_config does, but that's for clients, and I have no way to interact with the clients.
> 
> It would indeed be very nice if this key order, which seems like a prime candidate for configuration, was a configurable option in sshd_config, but it is not.
> 
> I am fairly certain that I need to hack up some source files, and I thought I had it with myproposal.h (see link in OP) but there must be more, because that small change does not fix things...

You don't have any of this in your config ?

# HostKey for protocol version 1
#HostKey /usr/local/etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/local/etc/ssh/ssh_host_rsa_key
#HostKey /usr/local/etc/ssh/ssh_host_dsa_key
#HostKey /usr/local/etc/ssh/ssh_host_ecdsa_key

-- 

 - (2^(N-1))


More information about the freebsd-hackers mailing list