--- On Thu, 5/17/12, Garrett Cooper <yaneg...@gmail.com> wrote:
> > ... but I'm afraid that changing that line in > myproposal.h BACK TO ssh-dss,ssh-rsa does not solve the > problem. I did indeed make that change to > myproposal.h, manually, and then build the openssh-portable > port, but the behavior persists. > > > > If I simply REMOVE the RSA keys, the error goes away, > and existing DSA-using clients no longer bomb out, but this > is NOT a good solution for two reasons: > > > > 1. anytime I HUP, or start sshd, it's going to create > new RSA keys for me > > > > 2. It's possible that some clients out there really > have been using RSA all along (who knows) and now they are > completely broken, since RSA is not there at all. > > > > I'm more than happy to muck around in the source with > further little edits, just like I did with myproposal.h, but > I have no idea what they would be. > > > > Can anyone help me "make new ssh behave like old one" > ? > > You can probably issue an option via -o with ssh to skip the > prompt (see ssh_config… maybe there's something in there > that can help you). No, I'm not referring to > StrictHostKeyChecking either :). That's on the client side. I don't have access to the clients. I have no way to interact with the clients at all. I need a way to configure (or patch) the OpenSSH server such that it presents keys in the same order (first DSS, then RSA) as it used to. Anyone ? _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
