DragonFly bugs List (threaded) for 2009-01
DragonFly BSD

Re: sshd appears to be broken when both host rsa and dsa key file present


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Sun, 25 Jan 2009 23:21:53 -0800 (PST)

:> Seems like the import of openssh-5.1 reverted the order of the default
:> hostkey algorithm proposal, which has been part of FreeBSD-local
:> preferences for many years:
:>   diff --git a/crypto/openssh-5/myproposal.h b/crypto/openssh-5/myproposal.h
:>   index 8bdad7b..87a9e58 100644
:>   --- a/crypto/openssh-5/myproposal.h
:>   +++ b/crypto/openssh-5/myproposal.h
:>   @@ -40,7 +40,7 @@
:> 	  "diffie-hellman-group1-sha1"
:>    #endif
:>    
:>   -#define KEX_DEFAULT_PK_ALG	"ssh-dss,ssh-rsa"
:>   +#define	KEX_DEFAULT_PK_ALG	"ssh-rsa,ssh-dss"
:>    #define	KEX_DEFAULT_ENCRYPT \
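Review bot: the changed `KEX_DEFAULT_PK_ALG` line swaps the preference order from "ssh-dss,ssh-rsa" to "ssh-rsa,ssh-dss", and nothing in the file marks the old order as a deliberate local choice, which is how a vendor import can drop it unnoticed. If the ssh-dss-first order is re-applied, add a comment above the define stating that it is a local deviation from upstream and why, and keep the whitespace after `#define` identical to the neighbouring `KEX_DEFAULT_ENCRYPT` line so the local diff against upstream is limited to the string value.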
:..
:>   HostKeyAlgorithms	ssh-dsa,ssh-rsa
:
:This should read:
:
:   HostKeyAlgorithms	ssh-dss,ssh-rsa
:
:(-dss, not -dsa).
:-- 
:| Jeremy Chadwick                                jdc at parodius.com |

    That looks like a client-side solution, though, which doesn't
    help fix the server-side defaults.

    Does changing KEX_DEFAULT_PK_ALG fix it on the server side?  If
    so I think we may need to re-apply the local change.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


