Re: sshd appears to be broken when both host rsa and dsa key file present

[YONETANI Tomokazu <qhwt+dfly@xxxxxxxxxx>]

On Sun, Jan 25, 2009 at 06:50:22PM -0800, Matthew Dillon wrote:
>     I think YONETANI reported this a few months ago, but it just started
>     happening to me when I upgraded pkgbox.
> 
>     Something is ignoring the host DSA key when a host RSA key is presenting,
>     causing a mismatch with a pre-existing known_hosts file.
> 
>     If I were to say 'yes', then RSA host key would be recorded in my
>     known_hosts file.
> 
>     If I remove the RSA host key file on the server and restart sshd, then
>     the client properly negotiates using the DSA host key.
> 
>     Anyone have any ideas?
> 
> 						-Matt

Seems like the import of openssh-5.1 reverted the order of the default
hostkey algorithm proposal, which has been part of FreeBSD-local
preferences for many years:
  diff --git a/crypto/openssh-5/myproposal.h b/crypto/openssh-5/myproposal.h
  index 8bdad7b..87a9e58 100644
  --- a/crypto/openssh-5/myproposal.h
  +++ b/crypto/openssh-5/myproposal.h
  @@ -40,7 +40,7 @@
	  "diffie-hellman-group1-sha1"
   #endif
   
  -#define KEX_DEFAULT_PK_ALG	"ssh-dss,ssh-rsa"
  +#define	KEX_DEFAULT_PK_ALG	"ssh-rsa,ssh-dss"
   #define	KEX_DEFAULT_ENCRYPT \
	  "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
	  "arcfour128,arcfour256,arcfour," \

Note that FreeBSD also got rid of this local change about a month
earlier than we did:
  http://docs.freebsd.org/cgi/mid.cgi?200808010253.m712raNF004286

So the quick workaround(if you still prefer DSA over RSA) is
to add the following in /etc/ssh_config on ssh clients

  HostKeyAlgorithms	ssh-dsa,ssh-rsa
  
or to make it per-user, add the following two lines in ~/.ssh/config
  Host foo		# or use * if you want to apply any hosts
  HostKeyAlgorithms	ssh-dsa,ssh-rsa

Cheers.