Need to revert behavior of OpenSSH to the old key order ...
Jason Hellenthal
jhellenthal at dataix.net
Fri May 18 01:19:08 UTC 2012
On Thu, May 17, 2012 at 04:26:38PM -0700, Jason Usher wrote:
>
>
> --- On Thu, 5/17/12, Jason Hellenthal <jhellenthal at dataix.net> wrote:
>
> > > That is not the standard "key mismatch" error that you
> > assumed it was.? Look at it again - it is saying that
> > we do have a key for this server of type DSA, but the client
> > is receiving one of type RSA, etc.
> > >
> > > The keys are the same - they have not changed at all -
> > they are just being presented to clients in the reverse
> > order, which is confusing them and breaking automated,
> > key-based login.
> > >
> > > I need to take current ssh server behavior (rsa, then
> > dss) and change it back to the old order (dss, then rsa).
> >
> > Have you attempted to change that order via sshd_config and
> > placing the
> > DSA directive before the RSA one ?
>
>
> sshd_config has no such config directive. ssh_config does, but that's for clients, and I have no way to interact with the clients.
>
> It would indeed be very nice if this key order, which seems like a prime candidate for configuration, was a configurable option in sshd_config, but it is not.
>
> I am fairly certain that I need to hack up some source files, and I thought I had it with myproposal.h (see link in OP) but there must be more, because that small change does not fix things...
You don't have any of this in your config ?
# HostKey for protocol version 1
#HostKey /usr/local/etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/local/etc/ssh/ssh_host_rsa_key
#HostKey /usr/local/etc/ssh/ssh_host_dsa_key
#HostKey /usr/local/etc/ssh/ssh_host_ecdsa_key
--
- (2^(N-1))
More information about the freebsd-hackers
mailing list