DragonFly bugs List (threaded) for 2009-01
Re: sshd appears to be broken when both host rsa and dsa key file present
On Mon, Jan 26, 2009 at 06:02:03PM +0100, Simon 'corecode' Schubert wrote:
> Matthew Dillon wrote:
> > :Would there really be any reason to change it back. I assume they changed RSA
> > :to being the default because the patent expired. Also, according to my
> > :notes,
> > :
> > : RSA is preferable in most cases, since DSA is slower
> > : and cannot encrypt in and of itself (DSA is a signing
> > : algorithm only). RSA can be used to encrypt files.
> >
> > Yes, because ssh will unexpectedly stop working in automated scripts
> > if we change the default as the related keys will not be in the
> > known_hosts file.
>
> The real question for me is, why is the server only offering one key
> or why is the client not checking for the DSA key it already knows?
On 2.0-RELEASE, ssh client and server are patched so that the server
by default offers only DSA host key, and the client prefers DSA host key
by default:
http://docs.FreeBSD.org/cgi/mid.cgi?200206291051.g5TApuaT057463
On -DEVELOPMENT, they aren't.
You don't have this problem when you try to slogin from a -DEVELOPMENT box
to a 2.0-RELEASE box, because the server doesn't offer RSA host key
by default.
You don't have this problem when you try to slogin from a 2.0-RELEASE box
to a -DEVELOPMENT box, because the client prefers DSA over RSA.
You DO have this problem when you try slogin'ing from -DEVEL to -DEVEL,
as the server offers both keys AND the client prefers RSA over DSA.
Which algorithm to use is determined based on the proposal, before looking
at your known_hosts file, hence the warning. If I understand the code
correctly, of course.
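The point above is that the host key type is settled during the proposal, before known_hosts is consulted, so a client whose default order is ssh-rsa,ssh-dss will pick the RSA key on a server that offers both even when it only has the DSA key on file. The script below is an added example (not DragonFly or OpenSSH code, and not from anyone in this thread) of the workaround a client-side user has: read known_hosts, find which key types are already recorded for the target host, and emit a HostKeyAlgorithms value that puts those types first so the proposal lands on a key the client can verify. The default order ssh-rsa,ssh-dss, the host names and the placeholder key blobs are assumptions; hashed entries are matched with the HMAC-SHA1 scheme that HashKnownHosts uses.

```python
"""Order the SSH client's HostKeyAlgorithms so that key types already in
known_hosts come first. Added example, not DragonFly or OpenSSH code."""
import base64
import fnmatch
import hashlib
import hmac

# Assumed client default on a -DEVELOPMENT box: RSA proposed before DSA.
DEFAULT_HOSTKEY_ALGS = ["ssh-rsa", "ssh-dss"]


def hash_host(host, salt):
    """HashKnownHosts-style host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def host_matches(host_field, host):
    """Does a known_hosts host field (comma-separated patterns, or a hashed name) cover host?"""
    if host_field.startswith("|1|"):
        try:
            _, _, salt_b64, _ = host_field.split("|", 3)
        except ValueError:
            return False
        return hmac.compare_digest(hash_host(host, base64.b64decode(salt_b64)), host_field)
    matched = False
    for pat in host_field.split(","):
        negate = pat.startswith("!")
        pat = pat.lstrip("!")
        if pat.startswith("[") and "]:" in pat:  # [host]:port form; the port is ignored here
            pat = pat[1:pat.index("]:")]
        if fnmatch.fnmatchcase(host, pat):
            if negate:
                return False  # a negated pattern excludes the host outright
            matched = True
    return matched


def parse_known_hosts(text):
    """Yield (host_field, key_type) for each usable line; skip comments and @marker lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        yield fields[0], fields[1]


def known_key_types(text, host):
    """Key types known_hosts already holds for host, in file order, without duplicates."""
    types = []
    for host_field, key_type in parse_known_hosts(text):
        if host_matches(host_field, host) and key_type not in types:
            types.append(key_type)
    return types


def order_hostkey_algs(known, defaults=DEFAULT_HOSTKEY_ALGS):
    """Known types first (default relative order, then any not in the defaults), then the rest."""
    front = [a for a in defaults if a in known] + [a for a in known if a not in defaults]
    return front + [a for a in defaults if a not in known]


def hostkey_algorithms_option(text, host, defaults=DEFAULT_HOSTKEY_ALGS):
    """The -o value that makes the client propose a key it can already verify first."""
    return "HostKeyAlgorithms=" + ",".join(order_hostkey_algs(known_key_types(text, host), defaults))


# Constructed sample known_hosts (placeholder key blobs, not real keys).
_SALT = b"0123456789abcdef0123"
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# devbox was first reached from a 2.0-RELEASE client, so only its DSA key is recorded",
    "devbox.example.net ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER=",
    hash_host("hashedbox.example.net", _SALT) + " ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPLACEHOLDER=",
    "@revoked * ssh-rsa AAAAREVOKEDPLACEHOLDER=",
])

if __name__ == "__main__":
    for h in ("devbox.example.net", "hashedbox.example.net", "newbox.example.net"):
        print("ssh -o %s %s" % (hostkey_algorithms_option(SAMPLE_KNOWN_HOSTS, h), h))
```

The emitted option only reorders the proposal; the host key the server presents is still checked against known_hosts, so this avoids the spurious mismatch warning without weakening the check. It is a client-side stopgap for the case the thread describes (both keys offered, only one recorded) and does nothing about which keys the server chooses to offer.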