--- On Thu, 5/17/12, Jason Hellenthal <jhellent...@dataix.net> wrote:
> On Thu, May 17, 2012 at 02:17:03PM -0700, Jason Usher > wrote: > > I have some old 6.x FreeBSD systems that need their > OpenSSH upgraded. > > > > Everything goes just fine, but when I am done, existing > clients are now presented with this message: > > > > > > WARNING: DSA key found for host hostname > > in /root/.ssh/known_hosts:12 > > DSA key fingerprint 4c:29:4b:6e:b8:6b:fa:49....... > > > > The authenticity of host 'hostname (10.1.2.3)' can't be > established > > but keys of different type are already known for this > host. > > RSA key fingerprint is a3:22:3d:cf:f2:46:09:f2...... > > Are you sure you want to continue connecting (yes/no) > > > > You must be using different keys for your server than the > one that has > been generated before the upgrade. Just copy your keys over > to the new > location and restart the server daemon and you should be > fine. > > copy /etc/ssh/* -> /usr/local/etc/ssh/ You didn't read that error message. That is not the standard "key mismatch" error that you assumed it was. Look at it again - it is saying that we do have a key for this server of type DSA, but the client is receiving one of type RSA, etc. The keys are the same - they have not changed at all - they are just being presented to clients in the reverse order, which is confusing them and breaking automated, key-based login. I need to take current ssh server behavior (rsa, then dss) and change it back to the old order (dss, then rsa). _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
