--- On Thu, 5/17/12, Jason Hellenthal <jhellent...@dataix.net> wrote:

> On Thu, May 17, 2012 at 04:26:38PM -0700, Jason Usher wrote:
> > 
> > --- On Thu, 5/17/12, Jason Hellenthal <jhellent...@dataix.net> wrote:
> > 
> > > > That is not the standard "key mismatch" error that you assumed it was. Look at it again - it is saying that we do have a key for this server of type DSA, but the client is receiving one of type RSA, etc.
> > > > 
> > > > The keys are the same - they have not changed at all - they are just being presented to clients in the reverse order, which is confusing them and breaking automated, key-based login.
> > > > 
> > > > I need to take current ssh server behavior (rsa, then dss) and change it back to the old order (dss, then rsa).
> > > 
> > > Have you attempted to change that order via sshd_config and placing the DSA directive before the RSA one ?
> > 
> > sshd_config has no such config directive. ssh_config does, but that's for clients, and I have no way to interact with the clients.
> > 
> > It would indeed be very nice if this key order, which seems like a prime candidate for configuration, was a configurable option in sshd_config, but it is not.
> > 
> > I am fairly certain that I need to hack up some source files, and I thought I had it with myproposal.h (see link in OP) but there must be more, because that small change does not fix things...
> 
> You don't have any of this in your config ?
> 
> # HostKey for protocol version 1
> #HostKey /usr/local/etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> HostKey /usr/local/etc/ssh/ssh_host_rsa_key
> #HostKey /usr/local/etc/ssh/ssh_host_dsa_key
> #HostKey /usr/local/etc/ssh/ssh_host_ecdsa_key


Yes, but that doesn't help, for reasons I mentioned earlier.

Simply removing RSA functionality would (of course) cause it to stop presenting 
RSA keys first, but what about clients who (for whatever reason, who knows) 
negotiated RSA keys previously ?  Then they would break.

This is a very simple requirement:

OpenSSH server used to present keys in the order:  DSA first, then RSA.  I need 
to get back to that same behavior.

How do I do that ?
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
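The order the thread is arguing about is visible on the wire: the server lists its host key algorithms in the `server_host_key_algorithms` name-list of its SSH_MSG_KEXINIT (RFC 4253 section 7.1), so a packet capture of the handshake shows exactly what a client is being offered first. The parser below is an added example, not code from the thread or from OpenSSH; it assumes the standard KEXINIT payload layout, and the sample packet is constructed here with a zeroed cookie.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of a KEXINIT payload, in their fixed RFC 4253 order.
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)

def _name_list(buf, off):
    """Decode one RFC 4251 name-list: uint32 length, then comma-separated ASCII."""
    if off + 4 > len(buf):
        raise ValueError("truncated name-list length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated name-list body")
    names = buf[off:off + n].decode("ascii")
    return [s for s in names.split(",") if s], off + n

def parse_kexinit(payload):
    """Return the KEXINIT name-lists keyed by field name, each in wire order."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, fields = 1 + 16, {}          # skip message type and 16-byte cookie
    for name in KEXINIT_FIELDS:
        fields[name], off = _name_list(payload, off)
    fields["first_kex_packet_follows"] = bool(payload[off])
    return fields

def build_kexinit(lists):
    """Encode a KEXINIT payload; used here only to construct sample input."""
    out = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16   # zero cookie, sample data only
    for name in KEXINIT_FIELDS:
        body = ",".join(lists.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(body)) + body
    return out + b"\x00" + struct.pack(">I", 0)     # first_kex_packet_follows, reserved

# Constructed sample: a server offering ssh-rsa before ssh-dss, as in the thread.
SAMPLE = build_kexinit({
    "kex_algorithms": ["diffie-hellman-group-exchange-sha256"],
    "server_host_key_algorithms": ["ssh-rsa", "ssh-dss"],
    "encryption_algorithms_client_to_server": ["aes128-ctr"],
    "encryption_algorithms_server_to_client": ["aes128-ctr"],
})
```

`parse_kexinit(SAMPLE)["server_host_key_algorithms"]` gives the advertised order; feed it a real KEXINIT payload (after the binary-packet length and padding bytes are stripped) to check what a server is presenting before and after any change.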