Date:      Tue, 01 Dec 2009 11:43:23 +0000
From:      Pete French <petefrench@ticketswitch.com>
To:        freebsd-stable@freebsd.org, freebsd@jdc.parodius.com
Subject:   Re: SSH oddness with 8.0-STABLE
Message-ID:  <E1NFR8d-000HH2-GJ@dilbert.ticketswitch.com>
In-Reply-To: <20091201113547.GA26501@icarus.home.lan>

> Usually the error you're seeing is indication that either the client or
> server changed from DSA to RSA, or vice-versa.  I don't see anything in
> /etc/ssh/ssh_config or /etc/ssh/sshd_config between 7.2-STABLE and
> 8.0-STABLE which would indicate this changed.

There is, however, a note in /usr/src/UPDATING about this precise
effect. Viz:

20080801:
        OpenSSH has been upgraded to 5.1p1.

        For many years, FreeBSD's version of OpenSSH preferred DSA
        over RSA for host and user authentication keys.  With this
        upgrade, we've switched to the vendor's default of RSA over
        DSA.  This may cause upgraded clients to warn about unknown
        host keys even for previously known hosts.  Users should
        follow the usual procedure for verifying host keys before
        accepting the RSA key.

        This can be circumvented by setting the "HostKeyAlgorithms"
        option to "ssh-dss,ssh-rsa" in ~/.ssh/config or on the ssh
        command line.

        Please note that the sequence of keys offered for
        authentication has been changed as well.  You may want to
        specify IdentityFile in a different order to revert this
        behavior.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1NFR8d-000HH2-GJ>
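
An added example, not part of the original message or of UPDATING: a shell function that lists the hosts in a known_hosts file recorded only with an ssh-dss key, which are the hosts for which an upgraded client preferring RSA will warn about an unknown host key. The function names, the sample file and its key fields are constructed placeholders; hashed (`|1|...`) host names are treated as opaque tokens.

```shell
#!/bin/sh
# Added example (not from the original message).
# dsa_only_hosts FILE: print, sorted, every host name in a known_hosts
# file that has an ssh-dss entry but no ssh-rsa entry.
dsa_only_hosts() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        $1 ~ /^@/ { next }              # skip @cert-authority / @revoked lines
        {
            # The first field may be a comma-separated list of names/addresses.
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) {
                if ($2 == "ssh-dss") dsa[names[i]] = 1
                if ($2 == "ssh-rsa") rsa[names[i]] = 1
            }
        }
        END { for (h in dsa) if (!(h in rsa)) print h }
    ' "$1" | sort
}

# make_sample: write a constructed known_hosts file (placeholder key
# fields, not real keys) to a temporary file and print its path.
make_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample entries
old.example.org ssh-dss PLACEHOLDER-DSA-KEY-1
web.example.org,192.0.2.10 ssh-dss PLACEHOLDER-DSA-KEY-2
web.example.org,192.0.2.10 ssh-rsa PLACEHOLDER-RSA-KEY-2
db1.example.org ssh-dss PLACEHOLDER-DSA-KEY-3
new.example.org ssh-rsa PLACEHOLDER-RSA-KEY-4
EOF
    printf '%s\n' "$f"
}

# Demo on the constructed sample; point it at ~/.ssh/known_hosts instead
# to audit a real client before or after the upgrade.
sample=$(make_sample)
dsa_only_hosts "$sample"
rm -f "$sample"
```

For each host it prints, verify the server's RSA host key fingerprint out of band before accepting it, as the UPDATING entry says.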