Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-22 Thread Jason Usher
--- On Tue, 5/22/12, Ian Lepore wrote: > Seeing your example config with the commented-out HostKey > lines made me > realize that you probably want to have two HostKey lines, > one for the > protocol v1 key and another for the dsa key for v2.  > The 6.x server > added the v1 key and the v2 dsa

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-22 Thread Ian Lepore
On Tue, 2012-05-22 at 09:59 -0700, Jason Usher wrote: > Hi Ian, > > Thank you very much for taking a look at this, and for understanding what I'm > talking about here. > > Comments inline, below... > > > --- On Tue, 5/22/12, Ian Lepore wrote: > > > > > > > >But have you tried it in thi

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-22 Thread Jason Usher
Hi Ian, Thank you very much for taking a look at this, and for understanding what I'm talking about here. Comments inline, below... --- On Tue, 5/22/12, Ian Lepore wrote: > >  > > >    But have you tried it in this order > ? > > > > > >    HostKey > /usr/local/etc/ssh/ssh_host_key > > >   

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-22 Thread Ian Lepore
On Mon, 2012-05-21 at 14:26 -0700, Jason Usher wrote: > > --- On Mon, 5/21/12, Garance A Drosehn wrote: > > >But have you tried it in this order ? > > > >HostKey /usr/local/etc/ssh/ssh_host_key > >HostKey > > /usr/local/etc/ssh/ssh_host_dsa_key > >HostKey > > /usr/local/etc/ssh

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-21 Thread Jason Hellenthal
On Mon, May 21, 2012 at 02:26:27PM -0700, Jason Usher wrote: > > > --- On Mon, 5/21/12, Garance A Drosehn wrote: > > > But have you tried it in this order ? > > > > HostKey /usr/local/etc/ssh/ssh_host_key > > HostKey > > /usr/local/etc/ssh/ssh_host_dsa_key > > HostKey > > /usr/l

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-21 Thread Jason Usher
--- On Mon, 5/21/12, Garance A Drosehn wrote: >    But have you tried it in this order ? > >    HostKey /usr/local/etc/ssh/ssh_host_key >    HostKey > /usr/local/etc/ssh/ssh_host_dsa_key >    HostKey > /usr/local/etc/ssh/ssh_host_rsa_key >    HostKey > /usr/local/etc/ssh/ssh_host_ecdsa_key >

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-21 Thread Garance A Drosehn
I may have missed some emails in this thread, but did you try this suggestion: But have you tried it in this order ? HostKey /usr/local/etc/ssh/ssh_host_key HostKey /usr/local/etc/ssh/ssh_host_dsa_key HostKey /usr/local/etc/ssh/ssh_host_rsa_key HostKey /usr/local/etc/ssh/ssh_host_

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-21 Thread Jason Hellenthal
On Mon, May 21, 2012 at 09:18:32AM -0700, Jason Usher wrote: > > Folks, > > Is there a better list for this - perhaps freebsd-security ? > > I originally posted to -hackers because it *appears* that reverting "rsa, > then dsa" to "dsa, then rsa" was a simple change to myproposal.h, but since

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-21 Thread Jason Usher
Folks, Is there a better list for this - perhaps freebsd-security ? I originally posted to -hackers because it *appears* that reverting "rsa, then dsa" to "dsa, then rsa" was a simple change to myproposal.h, but since that doesn't work, and since I haven't gotten any replies here ... Thoughts

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-18 Thread Jason Hellenthal
On Fri, May 18, 2012 at 01:58:01PM -0700, Jason Usher wrote: > > > --- On Thu, 5/17/12, Jason Hellenthal wrote: > > > On Thu, May 17, 2012 at 04:26:38PM -0700, Jason Usher > > wrote: > > > > > > > > > --- On Thu, 5/17/12, Jason Hellenthal > > wrote: > > > > > > > > That is not the standar

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-18 Thread Jason Usher
--- On Thu, 5/17/12, Jason Hellenthal wrote: > On Thu, May 17, 2012 at 04:26:38PM -0700, Jason Usher > wrote: > > > > > > --- On Thu, 5/17/12, Jason Hellenthal > wrote: > > > > > > That is not the standard "key mismatch" error > that you > > > assumed it was. Look at it again - it is sayin

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-17 Thread Jason Usher
--- On Thu, 5/17/12, Jason Hellenthal wrote: > > That is not the standard "key mismatch" error that you > assumed it was.  Look at it again - it is saying that > we do have a key for this server of type DSA, but the client > is receiving one of type RSA, etc. > > > > The keys are the same - th

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-17 Thread Jason Usher
--- On Thu, 5/17/12, Garrett Cooper wrote: > > ... but I'm afraid that changing that line in > myproposal.h BACK TO ssh-dss,ssh-rsa does not solve the > problem.  I did indeed make that change to > myproposal.h, manually, and then build the openssh-portable > port, but the behavior persists. >

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-17 Thread Jason Usher
--- On Thu, 5/17/12, Jason Hellenthal wrote: > On Thu, May 17, 2012 at 02:17:03PM -0700, Jason Usher > wrote: > > I have some old 6.x FreeBSD systems that need their > OpenSSH upgraded. > > > > Everything goes just fine, but when I am done, existing > clients are now presented with this messag

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-17 Thread Jason Hellenthal
On Thu, May 17, 2012 at 04:26:38PM -0700, Jason Usher wrote: > > > --- On Thu, 5/17/12, Jason Hellenthal wrote: > > > > That is not the standard "key mismatch" error that you > > assumed it was. Look at it again - it is saying that > > we do have a key for this server of type DSA, but the cl

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-17 Thread Jason Hellenthal
On Thu, May 17, 2012 at 04:06:11PM -0700, Jason Usher wrote: > > > --- On Thu, 5/17/12, Jason Hellenthal wrote: > > > On Thu, May 17, 2012 at 02:17:03PM -0700, Jason Usher > > wrote: > > > I have some old 6.x FreeBSD systems that need their > > OpenSSH upgraded. > > > > > > Everything goes j

Re: Need to revert behavior of OpenSSH to the old key order ...

2012-05-17 Thread Jason Hellenthal
On Thu, May 17, 2012 at 02:17:03PM -0700, Jason Usher wrote: > I have some old 6.x FreeBSD systems that need their OpenSSH upgraded. > > Everything goes just fine, but when I am done, existing clients are now > presented with this message: > > > WARNING: DSA key found for host hostname > in /