svn commit: r294495 - in head: . crypto/openssh

Dag-Erling Smørgrav des at FreeBSD.org
Thu Jan 21 11:10:16 UTC 2016 

Author: des
Date: Thu Jan 21 11:10:14 2016
New Revision: 294495
URL: https://svnweb.freebsd.org/changeset/base/294495

Log:
  Enable DSA keys by default.  They were disabled in OpenSSH 6.9p1.
  
  Noticed by:	glebius

Modified:
  head/UPDATING
  head/crypto/openssh/myproposal.h   (contents, props changed)
  head/crypto/openssh/ssh_config.5
  head/crypto/openssh/sshd_config.5

Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Thu Jan 21 10:57:45 2016	(r294494)
+++ head/UPDATING	Thu Jan 21 11:10:14 2016	(r294495)
@@ -32,10 +32,6 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
 20160119:
-	The default configuration of ssh(1) no longer allows to use ssh-dss
-	keys.  To enable using them, add 'ssh-dss' to PubkeyAcceptedKeyTypes
-	option in the /etc/ssh/ssh_config.  Refer to ssh_config(5) for more
-	information.
 	The NONE and HPN patches has been removed from OpenSSH.  They are
 	still available in the security/openssh-portable port.
 

Modified: head/crypto/openssh/myproposal.h
==============================================================================
--- head/crypto/openssh/myproposal.h	Thu Jan 21 10:57:45 2016	(r294494)
+++ head/crypto/openssh/myproposal.h	Thu Jan 21 11:10:14 2016	(r294495)
@@ -1,4 +1,5 @@
 /* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */
+/* $FreeBSD$ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -99,9 +100,11 @@
 	HOSTKEY_ECDSA_CERT_METHODS \
 	"ssh-ed25519-cert-v01 at openssh.com," \
 	"ssh-rsa-cert-v01 at openssh.com," \
+	"ssh-dss-cert-v01 at openssh.com," \
 	HOSTKEY_ECDSA_METHODS \
 	"ssh-ed25519," \
-	"ssh-rsa" \
+	"ssh-rsa," \
+	"ssh-dss"
 
 /* the actual algorithms */
 

Modified: head/crypto/openssh/ssh_config.5
==============================================================================
--- head/crypto/openssh/ssh_config.5	Thu Jan 21 10:57:45 2016	(r294494)
+++ head/crypto/openssh/ssh_config.5	Thu Jan 21 11:10:14 2016	(r294495)
@@ -798,8 +798,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
 ecdsa-sha2-nistp521-cert-v01 at openssh.com,
 ssh-ed25519-cert-v01 at openssh.com,
 ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 The
@@ -821,8 +823,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
 ecdsa-sha2-nistp521-cert-v01 at openssh.com,
 ssh-ed25519-cert-v01 at openssh.com,
 ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 If hostkeys are known for the destination host then this default is modified
@@ -1251,8 +1255,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
 ecdsa-sha2-nistp521-cert-v01 at openssh.com,
 ssh-ed25519-cert-v01 at openssh.com,
 ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 The

Modified: head/crypto/openssh/sshd_config.5
==============================================================================
--- head/crypto/openssh/sshd_config.5	Thu Jan 21 10:57:45 2016	(r294494)
+++ head/crypto/openssh/sshd_config.5	Thu Jan 21 11:10:14 2016	(r294495)
@@ -657,8 +657,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
 ecdsa-sha2-nistp521-cert-v01 at openssh.com,
 ssh-ed25519-cert-v01 at openssh.com,
 ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 The
@@ -752,8 +754,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
 ecdsa-sha2-nistp521-cert-v01 at openssh.com,
 ssh-ed25519-cert-v01 at openssh.com,
 ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 The list of available key types may also be obtained using the
@@ -1355,8 +1359,10 @@ ecdsa-sha2-nistp384-cert-v01 at openssh.com
 ecdsa-sha2-nistp521-cert-v01 at openssh.com,
 ssh-ed25519-cert-v01 at openssh.com,
 ssh-rsa-cert-v01 at openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-v01 at openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 The

More information about the svn-src-head mailing list