Date: Mon, 25 Jun 2012 01:52:17 +0800
From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To: "J. Hellenthal" <jhellenthal@dataix.net>
Cc: ports@freebsd.org
Subject: Re: security/openssh-portable line # 82 of rc.d/openssh generates DSA not ECDSA
Message-ID: <CAMHz58QDUNVt-_ZDmZemr4UtHrw_UQroY73bSmKgmPQhQesqvw@mail.gmail.com>
In-Reply-To: <20120624171753.GA15646@DataIX.net>
References: <20120624171753.GA15646@DataIX.net>
On Mon, Jun 25, 2012 at 1:17 AM, J. Hellenthal <jhellenthal@dataix.net> wrote:
>
> As stated in the subject
>
> if [ -f /usr/local/etc/ssh/ssh_host_ecdsa_key ]; then
>         echo "You already have a Elliptic Curve DSA host key" \
>                 "in /usr/local/etc/ssh/ssh_host_ecdsa_key"
>         echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
> else
>         /usr/local/bin/ssh-keygen -t dsa \
>                 -f /usr/local/etc/ssh/ssh_host_ecdsa_key -N ''
> fi
>
>
> Specifically "/usr/local/bin/ssh-keygen -t dsa" needs to be changed to
> "-t ecdsa" to be correct. Otherwise we are just reimplementing a DSA key
> in a different file.
>
> --
>
>  - (2^(N-1))

Committed. Thanks!
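
Added example, not part of the original thread or of the port's rc.d script: a check that flags host key files whose algorithm does not match their file name, such as the DSA key that the quoted `-t dsa` line stores as `ssh_host_ecdsa_key`. The function names and the sample files are assumptions made for illustration; the key blobs in the sample are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example (not the port's script): detect a host key whose type does
# not match its file name, e.g. a DSA key saved as ssh_host_ecdsa_key.

# Key-type prefix expected in the .pub file, derived from the file name.
expected_prefix() {
    case "${1##*/}" in
        ssh_host_ecdsa_key.pub) echo "ecdsa-sha2-" ;;
        ssh_host_dsa_key.pub)   echo "ssh-dss" ;;
        ssh_host_rsa_key.pub)   echo "ssh-rsa" ;;
        *) return 1 ;;
    esac
}

# check_hostkey PUBFILE -> 0 match, 1 mismatch, 2 unreadable or unknown name.
check_hostkey() {
    [ -r "$1" ] || return 2
    want=$(expected_prefix "$1") || return 2
    # The first field of an OpenSSH public key line is the key type.
    have=$(awk 'NF { print $1; exit }' "$1")
    [ -n "$have" ] || return 2
    case "$have" in
        "$want"*) return 0 ;;
        *) echo "MISMATCH: $1 contains $have, expected $want*" >&2
           return 1 ;;
    esac
}

# audit_dir DIR -> prints each mismatched file, returns 1 if any was found.
audit_dir() {
    bad=0
    for f in "$1"/ssh_host_*_key.pub; do
        [ -e "$f" ] || continue
        rc=0; check_hostkey "$f" || rc=$?
        if [ "$rc" -eq 1 ]; then echo "$f"; bad=1; fi
    done
    return "$bad"
}

# Constructed sample (placeholder blobs): what the quoted "-t dsa" line
# leaves behind, next to a correctly named DSA key.
make_sample() {
    printf 'ssh-dss AAAA-constructed-placeholder root@host\n' \
        > "$1/ssh_host_ecdsa_key.pub"
    printf 'ssh-dss AAAA-constructed-placeholder root@host\n' \
        > "$1/ssh_host_dsa_key.pub"
}
```

Run it as `audit_dir /usr/local/etc/ssh`. Because the quoted script skips generation whenever `ssh_host_ecdsa_key` already exists, a flagged key pair has to be removed before a corrected `-t ecdsa` script will replace it.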