Date: Tue, 1 Dec 2009 13:26:52 +0100 From: Norman Maurer <norman.maurer@googlemail.com> To: Dimitry Andric <dimitry@andric.com> Cc: freebsd-stable@freebsd.org, Pete French <petefrench@ticketswitch.com>, Jeremy Chadwick <freebsd@jdc.parodius.com> Subject: Re: SSH oddness with 8.0-STABLE Message-ID: <75bda7a00912010426o68aa1c03te8c97c68d3db0b72@mail.gmail.com> In-Reply-To: <4B1508FD.9050607@andric.com> References: <20091201113547.GA26501@icarus.home.lan> <E1NFR8d-000HH2-GJ@dilbert.ticketswitch.com> <20091201115518.GA27115@icarus.home.lan> <4B1508FD.9050607@andric.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I think this is the affect of this: 20080801: OpenSSH has been upgraded to 5.1p1. For many years, FreeBSD's version of OpenSSH preferred DSA over RSA for host and user authentication keys. With this upgrade, we've switched to the vendor's default of RSA over DSA. This may cause upgraded clients to warn about unknown host keys even for previously known hosts. Users should follow the usual procedure for verifying host keys before accepting the RSA key. This can be circumvented by setting the "HostKeyAlgorithms" option to "ssh-dss,ssh-rsa" in ~/.ssh/config or on the ssh command line. Please note that the sequence of keys offered for authentication has been changed as well. You may want to specify IdentityFile in a different order to revert this behavior. Bye, Norman 2009/12/1 Dimitry Andric <dimitry@andric.com>: > On 2009-12-01 12:55, Jeremy Chadwick wrote: >> This would indicate the OP was running a 7.2-STABLE system which was >> built prior to 2008/08/01 (with some variance; sometimes the commit >> times do not match the timestamp in src/UPDATING), or a system which had >> not had mergemaster run on it to populate the changes into /etc/ssh. > > The stable/7 branch still uses "ssh-dss,ssh-rsa" by default. =A0In the > stable/8 branch, this was changed in revision 181111, Fri Aug 1 02:48:36 > 2008 UTC: > > http://svn.freebsd.org/viewvc/base/stable/8/crypto/openssh/myproposal.h?r= 1=3D181097&r2=3D181111 > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?75bda7a00912010426o68aa1c03te8c97c68d3db0b72>