From owner-freebsd-bugs Thu Jun 22 4:42:53 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from pawn.primelocation.net (pawn.primelocation.net [205.161.238.235])
	by hub.freebsd.org (Postfix) with ESMTP id 38B1A37B680
	for ; Thu, 22 Jun 2000 04:42:50 -0700 (PDT)
	(envelope-from jedgar@fxp.org)
Received: from earth.causticlabs.com (oca-u1-22.hitter.net [207.192.78.22])
	by pawn.primelocation.net (Postfix) with ESMTP id 96E6B9B1F;
	Thu, 22 Jun 2000 07:42:47 -0400 (EDT)
Date: Thu, 22 Jun 2000 07:42:46 -0400 (EDT)
From: "Chris D. Faulhaber"
X-Sender: jedgar@earth.causticlabs.com
To: Mike Pritchard
Cc: David Malone , freebsd-bugs@FreeBSD.ORG
Subject: Re: conf/19431: rc.network wants to generate unsupported DSA key for SSH
In-Reply-To: <20000622015848.B11875@mppsystems.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 22 Jun 2000, Mike Pritchard wrote:

> On Wed, Jun 21, 2000 at 11:00:04PM -0700, David Malone wrote:
> > On Thu, Jun 22, 2000 at 02:24:33PM +1000, Gregory Bond wrote:
> >
> > > I don't know whether this is a simple bug in rc.network (in which case
> > > the fix is simple), or if DSA is supported in the US version but not the
> > > international version (which seems more likely). In the latter case,
> > > rc.network needs to be more careful about what it attempts to do.
> > > Should it grep USA_RESIDENT out of make.conf? This is ugly, but I can't
> > > think of anything less ugly!
> >
> > I'm building from international crypto sources here, cvsuped indirectly
> > from cvsup.uk.FreeBSD.org and it built a DSA key fine. "ssh-keygen -d"
> > still seems to work too. Are you sure you have recent crypto sources?
>
> I noticed a problem after upgrading a 4.0-something machine to 5.0-current.
> I started getting errors starting sshd, complaining about the DSA host
> key not being present. I suspect that since I already had a ssh_host_key
> present, it didn't try to generate the DSA key.
>

Nope, the DSA host key is checked/created separately from the RSA host key
(all wrapped around a 'case ${sshd_enable}')...see /etc/rc.network.

-----
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message