SSH oddness with 8.0-STABLE
Norman Maurer
norman.maurer at googlemail.com
Tue Dec 1 12:51:11 UTC 2009
I think this is the affect of this:
20080801:
OpenSSH has been upgraded to 5.1p1.
For many years, FreeBSD's version of OpenSSH preferred DSA
over RSA for host and user authentication keys. With this
upgrade, we've switched to the vendor's default of RSA over
DSA. This may cause upgraded clients to warn about unknown
host keys even for previously known hosts. Users should
follow the usual procedure for verifying host keys before
accepting the RSA key.
This can be circumvented by setting the "HostKeyAlgorithms"
option to "ssh-dss,ssh-rsa" in ~/.ssh/config or on the ssh
command line.
Please note that the sequence of keys offered for
authentication has been changed as well. You may want to
specify IdentityFile in a different order to revert this
behavior.
Bye,
Norman
2009/12/1 Dimitry Andric <dimitry at andric.com>:
> On 2009-12-01 12:55, Jeremy Chadwick wrote:
>> This would indicate the OP was running a 7.2-STABLE system which was
>> built prior to 2008/08/01 (with some variance; sometimes the commit
>> times do not match the timestamp in src/UPDATING), or a system which had
>> not had mergemaster run on it to populate the changes into /etc/ssh.
>
> The stable/7 branch still uses "ssh-dss,ssh-rsa" by default. In the
> stable/8 branch, this was changed in revision 181111, Fri Aug 1 02:48:36
> 2008 UTC:
>
> http://svn.freebsd.org/viewvc/base/stable/8/crypto/openssh/myproposal.h?r1=181097&r2=181111
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
>
More information about the freebsd-stable
mailing list