SSH oddness with 8.0-STABLE

Jeremy Chadwick freebsd at jdc.parodius.com
Tue Dec 1 11:55:25 UTC 2009


On Tue, Dec 01, 2009 at 11:43:23AM +0000, Pete French wrote:
> > Usually the error you're seeing is indication that either the client or
> > server changed from DSA to RSA, or vice-versa.  I don't see anything in
> > /etc/ssh/ssh_config or /etc/ssh/sshd_config between 7.2-STABLE and
> > 8.0-STABLE which would indicate this changed.
> 
> There is, however, a note in /usr/src/UPDATING about this precise
> effect. Viz:
> 
> 20080801:
>         OpenSSH has been upgraded to 5.1p1.
> 
>         For many years, FreeBSD's version of OpenSSH preferred DSA
>         over RSA for host and user authentication keys.  With this
>         upgrade, we've switched to the vendor's default of RSA over
>         DSA.  This may cause upgraded clients to warn about unknown
>         host keys even for previously known hosts.  Users should
>         follow the usual procedure for verifying host keys before
>         accepting the RSA key.
> 
>         This can be circumvented by setting the "HostKeyAlgorithms"
>         option to "ssh-dss,ssh-rsa" in ~/.ssh/config or on the ssh
>         command line.
> 
>         Please note that the sequence of keys offered for
>         authentication has been changed as well.  You may want to
>         specify IdentityFile in a different order to revert this
>         behavior.

This would indicate the OP was running a 7.2-STABLE system which was
built prior to 2008/08/01 (with some variance; sometimes the commit
times do not match the timestamp in src/UPDATING), or a system which had
not had mergemaster run on it to populate the changes into /etc/ssh.

-- 
| Jeremy Chadwick                                   jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
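The UPDATING note quoted above tells users to verify the host key before accepting the newly preferred RSA key, and offers the HostKeyAlgorithms setting as a workaround. The script below is an added example, not from the thread or from FreeBSD itself: given a known_hosts file, it reports which key types are already recorded for a host, so an "unknown host key" warning for a host whose DSA key you already trust can be recognised for what it is (the first time an RSA key is offered) rather than mistaken for a changed host. The known_hosts contents and key blobs are constructed placeholders, and the host names are invented.

```shell
#!/bin/sh
# Added example (not from the original thread): decide whether a post-upgrade
# host-key warning is the expected DSA->RSA switch or something to investigate.

# Constructed sample known_hosts; the key material is a placeholder, not real keys.
SAMPLE_KNOWN_HOSTS=$(mktemp)
trap 'rm -f "$SAMPLE_KNOWN_HOSTS"' EXIT
cat > "$SAMPLE_KNOWN_HOSTS" <<'EOF'
# DSA-only entry, typical of a host first seen from a pre-2008/08/01 client
host-a.example.org,192.0.2.10 ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER
# host with both key types already recorded
host-b.example.org ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER
host-b.example.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPLACEHOLDER
EOF

# known_key_types FILE HOST -> prints the key types recorded for HOST, one per line.
# Field 1 of a known_hosts line may be a comma-separated list of names/addresses.
# Caveat: hashed entries (|1|salt|hash) cannot be matched by name this way;
# use "ssh-keygen -F HOST -f FILE" for those.
known_key_types() {
    awk -v host="$2" '
        /^[[:space:]]*(#|$)/ { next }              # skip comments and blank lines
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == host) { print $2; break }
        }' "$1"
}

# host_needs_rsa_check FILE HOST -> exit 0 when a DSA key is known but no RSA key,
# i.e. the warning is expected and the RSA fingerprint must be verified out of band.
# Returns 1 when an RSA key is already known or when the host is not known at all.
host_needs_rsa_check() {
    types=$(known_key_types "$1" "$2")
    case "$types" in
        *ssh-rsa*) return 1 ;;
    esac
    case "$types" in
        *ssh-dss*) return 0 ;;
    esac
    return 1
}

for h in host-a.example.org host-b.example.org unknown.example.org; do
    if host_needs_rsa_check "$SAMPLE_KNOWN_HOSTS" "$h"; then
        echo "$h: only a DSA key is known; verify the RSA fingerprint before accepting"
        # On a real system, obtain the fingerprint to compare out of band:
        #   ssh-keyscan -t rsa "$h" | ssh-keygen -lf -
        # or keep the pre-5.1p1 preference for this host, as UPDATING suggests:
        #   ssh -o HostKeyAlgorithms=ssh-dss,ssh-rsa "$h"
    else
        echo "$h: no DSA-to-RSA transition pending"
    fi
done
```

The fingerprint obtained via ssh-keyscan is only useful if compared against one obtained through a trusted channel (console, an existing session on the host, or the administrator); fetching it over the same network you are about to trust proves nothing on its own.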

