On Tue, Dec 01, 2009 at 11:43:23AM +0000, Pete French wrote:
> > Usually the error you're seeing is indication that either the client or
> > server changed from DSA to RSA, or vice-versa.  I don't see anything in
> > /etc/ssh/ssh_config or /etc/ssh/sshd_config between 7.2-STABLE and
> > 8.0-STABLE which would indicate this changed.
>
> There is, however, a note on /usr/src/UPDATING about this precise
> effect. Viz:
>
> 20080801:
>         OpenSSH has been upgraded to 5.1p1.
>
>         For many years, FreeBSD's version of OpenSSH preferred DSA
>         over RSA for host and user authentication keys.  With this
>         upgrade, we've switched to the vendor's default of RSA over
>         DSA.  This may cause upgraded clients to warn about unknown
>         host keys even for previously known hosts.  Users should
>         follow the usual procedure for verifying host keys before
>         accepting the RSA key.
>
>         This can be circumvented by setting the "HostKeyAlgorithms"
>         option to "ssh-dss,ssh-rsa" in ~/.ssh/config or on the ssh
>         command line.
>
>         Please note that the sequence of keys offered for
>         authentication has been changed as well.  You may want to
>         specify IdentityFile in a different order to revert this
>         behavior.

This would indicate the OP was running a 7.2-STABLE system which was
built prior to 2008/08/01 (with some variance; sometimes the commit
times do not match the timestamp in src/UPDATING), or a system which had
not had mergemaster run on it to populate the changes into /etc/ssh.

-- 
| Jeremy Chadwick                                   j...@parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
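
Added example, not part of the original message and not FreeBSD or OpenSSH code: a Python check that lists the known_hosts entries affected by the DSA-to-RSA preference change described in the UPDATING note, that is, hosts recorded only with an ssh-dss key. The sample known_hosts content and the function names are constructed for illustration.

```python
# Added example: list known_hosts entries that have a DSA key but no RSA key.
from collections import defaultdict

# Constructed sample known_hosts content; key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = """\
# constructed sample
alpha.example.org,192.0.2.10 ssh-dss AAAAB3NzaC1kc3MAAA-placeholder
beta.example.org ssh-dss AAAAB3NzaC1kc3MAAA-placeholder
beta.example.org ssh-rsa AAAAB3NzaC1yc2EAAA-placeholder
|1|c2FsdA==|aGFzaA== ssh-dss AAAAB3NzaC1kc3MAAA-placeholder
@revoked gamma.example.org ssh-dss AAAAB3NzaC1kc3MAAA-placeholder
[delta.example.org]:2222 ssh-rsa AAAAB3NzaC1yc2EAAA-placeholder
"""


def key_types_by_host(text):
    """Map each host pattern in known_hosts text to the key types recorded for it."""
    seen = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Skip @cert-authority/@revoked markers, short lines and SSH1-style numeric entries.
        if fields[0].startswith("@") or len(fields) < 3 or fields[1].isdigit():
            continue
        hosts, key_type = fields[0], fields[1]
        # A hashed entry (|1|salt|hash) names one host and uses a fresh salt per line,
        # so it cannot be matched to a sibling RSA line here; it is reported as-is.
        names = [hosts] if hosts.startswith("|1|") else hosts.split(",")
        for name in names:
            seen[name].add(key_type)
    return dict(seen)


def dsa_only_hosts(text):
    """Hosts pinned with ssh-dss but no ssh-rsa key: these warn once RSA is preferred."""
    by_host = key_types_by_host(text)
    return sorted(
        host for host, types in by_host.items()
        if "ssh-dss" in types and "ssh-rsa" not in types
    )


if __name__ == "__main__":
    for host in dsa_only_hosts(SAMPLE_KNOWN_HOSTS):
        print(f"{host}: only ssh-dss recorded; verify the RSA host key before accepting it")
```

Each host it reports is one where the upgraded client will see an unrecorded RSA key, so the RSA fingerprint should be verified out of band, or "HostKeyAlgorithms" set as the UPDATING note describes.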