I have some old 6.x FreeBSD systems that need their OpenSSH upgraded.
Everything goes just fine, but when I am done, existing clients are now
presented with this message:
WARNING: DSA key found for host hostname
in /root/.ssh/known_hosts:12
DSA key fingerprint 4c:29:4b:6e:b8:6b:fa:49...
Th
--- On Thu, 5/17/12, Jason Hellenthal wrote:
> On Thu, May 17, 2012 at 02:17:03PM -0700, Jason Usher
> wrote:
> > I have some old 6.x FreeBSD systems that need their
> OpenSSH upgraded.
> >
> > Everything goes just fine, but when I am done, existing
> clien
--- On Thu, 5/17/12, Garrett Cooper wrote:
> > ... but I'm afraid that changing that line in
> myproposal.h BACK TO ssh-dss,ssh-rsa does not solve the
> problem. I did indeed make that change to
> myproposal.h, manually, and then build the openssh-portable
> port, but the behavior persists.
>
--- On Thu, 5/17/12, Jason Hellenthal wrote:
> > That is not the standard "key mismatch" error that you
> assumed it was. Look at it again - it is saying that
> we do have a key for this server of type DSA, but the client
> is receiving one of type RSA, etc.
> >
> > The keys are the same - th
--- On Thu, 5/17/12, Jason Hellenthal wrote:
> On Thu, May 17, 2012 at 04:26:38PM -0700, Jason Usher
> wrote:
> >
> >
> > --- On Thu, 5/17/12, Jason Hellenthal
> wrote:
> >
> > > > That is not the standard "key mismatch" error
>
Folks,
Is there a better list for this - perhaps freebsd-security ?
I originally posted to -hackers because it *appears* that reverting "rsa, then
dsa" to "dsa, then rsa" was a simple change to myproposal.h, but since that
doesn't work, and since I haven't gotten any replies here ...
Thoughts
--- On Mon, 5/21/12, Garance A Drosehn wrote:
> But have you tried it in this order ?
>
> HostKey /usr/local/etc/ssh/ssh_host_key
> HostKey
> /usr/local/etc/ssh/ssh_host_dsa_key
> HostKey
> /usr/local/etc/ssh/ssh_host_rsa_key
> HostKey
> /usr/local/etc/ssh/ssh_host_ecdsa_key
>
Hi Ian,
Thank you very much for taking a look at this, and for understanding what I'm
talking about here.
Comments inline, below...
--- On Tue, 5/22/12, Ian Lepore wrote:
> >
> > > But have you tried it in this order
> ?
> > >
> > > HostKey
> /usr/local/etc/ssh/ssh_host_key
> > >
--- On Tue, 5/22/12, Ian Lepore wrote:
> Seeing your example config with the commented-out HostKey
> lines made me
> realize that you probably want to have two HostKey lines,
> one for the
> protocol v1 key and another for the dsa key for v2.
> The 6.x server
> added the v1 key and the v2 dsa
9 matches
Mail list logo
