svn commit: r294495 - in head: . crypto/openssh
Dag-Erling Smørgrav
des at FreeBSD.org
Thu Jan 21 11:10:16 UTC 2016
Author: des
Date: Thu Jan 21 11:10:14 2016
New Revision: 294495
URL: https://svnweb.freebsd.org/changeset/base/294495
Log:
Enable DSA keys by default. They were disabled in OpenSSH 6.9p1.
Noticed by: glebius
Modified:
head/UPDATING
head/crypto/openssh/myproposal.h (contents, props changed)
head/crypto/openssh/ssh_config.5
head/crypto/openssh/sshd_config.5
Modified: head/UPDATING
==============================================================================
--- head/UPDATING Thu Jan 21 10:57:45 2016 (r294494)
+++ head/UPDATING Thu Jan 21 11:10:14 2016 (r294495)
@@ -32,10 +32,6 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
20160119:
- The default configuration of ssh(1) no longer allows to use ssh-dss
- keys. To enable using them, add 'ssh-dss' to PubkeyAcceptedKeyTypes
- option in the /etc/ssh/ssh_config. Refer to ssh_config(5) for more
- information.
The NONE and HPN patches has been removed from OpenSSH. They are
still available in the security/openssh-portable port.
Modified: head/crypto/openssh/myproposal.h
==============================================================================
--- head/crypto/openssh/myproposal.h Thu Jan 21 10:57:45 2016 (r294494)
+++ head/crypto/openssh/myproposal.h Thu Jan 21 11:10:14 2016 (r294495)
@@ -1,4 +1,5 @@
/* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */
+/* $FreeBSD$ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -99,9 +100,11 @@
HOSTKEY_ECDSA_CERT_METHODS \
"ssh-ed25519-cert-v01 at openssh.com," \
"ssh-rsa-cert-v01 at openssh.com," \
+ "ssh-dss-cert-v01 at openssh.com," \
HOSTKEY_ECDSA_METHODS \
"ssh-ed25519," \
- "ssh-rsa" \
+ "ssh-rsa," \
+ "ssh-dss"
/* the actual algorithms */
Modified: head/crypto/openssh/ssh_config.5
==============================================================================
--- head/crypto/openssh/ssh_config.5 Thu Jan 21 10:57:45 2016 (r294494)
+++ head/crypto/openssh/ssh_config.5 Thu Jan 21 11:10:14 2016 (r294495)
@@ -798,8 +798,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
.Ed
.Pp
The
@@ -821,8 +823,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
.Ed
.Pp
If hostkeys are known for the destination host then this default is modified
@@ -1251,8 +1255,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
.Ed
.Pp
The
Modified: head/crypto/openssh/sshd_config.5
==============================================================================
--- head/crypto/openssh/sshd_config.5 Thu Jan 21 10:57:45 2016 (r294494)
+++ head/crypto/openssh/sshd_config.5 Thu Jan 21 11:10:14 2016 (r294495)
@@ -657,8 +657,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
.Ed
.Pp
The
@@ -752,8 +754,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
.Ed
.Pp
The list of available key types may also be obtained using the
@@ -1355,8 +1359,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
.Ed
.Pp
The
More information about the svn-src-head
mailing list