DragonFly bugs List (threaded) for 2009-01
Re: sshd appears to be broken when both host rsa and dsa key file present
:> Seems like the import of openssh-5.1 reverted the order of the default
:> hostkey algorithm proposal, which has been part of FreeBSD-local
:> preferences for many years:
:> diff --git a/crypto/openssh-5/myproposal.h b/crypto/openssh-5/myproposal.h
:> index 8bdad7b..87a9e58 100644
:> --- a/crypto/openssh-5/myproposal.h
:> +++ b/crypto/openssh-5/myproposal.h
:> @@ -40,7 +40,7 @@
:> "diffie-hellman-group1-sha1"
:> #endif
:>
:> -#define KEX_DEFAULT_PK_ALG "ssh-dss,ssh-rsa"
:> +#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
:> #define KEX_DEFAULT_ENCRYPT \
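Review bot: The changed `KEX_DEFAULT_PK_ALG` line carries no comment saying that the algorithm order is a deliberate local preference, so a later vendor import can flip it again without anyone noticing. A short comment above the `#define` stating the intended order and the reason for it would make the divergence visible. Because the first name in the list is the preferred one during negotiation, swapping "ssh-dss,ssh-rsa" and "ssh-rsa,ssh-dss" changes behaviour for any peer that holds both key types, so the change should also state whether it is meant to alter the client default, the server default, or both.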
:..
:> HostKeyAlgorithms ssh-dsa,ssh-rsa
:
:This should read:
:
: HostKeyAlgorithms ssh-dss,ssh-rsa
:
:(-dss, not -dsa).
:--
:| Jeremy Chadwick jdc at parodius.com |
That looks like a client-side solution, though, which doesn't
help fix the server-side defaults.
Does changing KEX_DEFAULT_PK_ALG fix it on the server side? If
so I think we may need to re-apply the local change.
-Matt
Matthew Dillon
<dillon@backplane.com>