SSH oddness with 8.0-STABLE
Pete French
petefrench at ticketswitch.com
Tue Dec 1 11:43:33 UTC 2009
> Usually the error you're seeing is indication that either the client or
> server changed from DSA to RSA, or vice-versa. I don't see anything in
> /etc/ssh/ssh_config or /etc/ssh/sshd_config between 7.2-STABLE and
> 8.0-STABLE which would indicate this changed.
There is, however, a not on /usr/src/UPDATING about this precise
effect. Viz:
20080801:
OpenSSH has been upgraded to 5.1p1.
For many years, FreeBSD's version of OpenSSH preferred DSA
over RSA for host and user authentication keys. With this
upgrade, we've switched to the vendor's default of RSA over
DSA. This may cause upgraded clients to warn about unknown
host keys even for previously known hosts. Users should
follow the usual procedure for verifying host keys before
accepting the RSA key.
This can be circumvented by setting the "HostKeyAlgorithms"
option to "ssh-dss,ssh-rsa" in ~/.ssh/config or on the ssh
command line.
Please note that the sequence of keys offered for
authentication has been changed as well. You may want to
specify IdentityFile in a different order to revert this
behavior.
More information about the freebsd-stable
mailing list