Warning to all CVS users.
Markus Friedl
Markus.Friedl at informatik.uni-erlangen.de
Thu Jan 18 19:48:31 EST 2001
another note:
please do NOT use RSA2 key generated after this commit
in authorized_keys2 files with sshd's from before the
commit. the sshd will think they are 6-bit RSA keys
and this is a very bad thing.
On Wed, Jan 17, 2001 at 09:05:47PM -0600, mouring at etoh.eviladmin.org wrote:
>
> For all of you who are testing off the Portable CVS tree. Let point out a
> new 'feature' that was just brought over from the OpenBSD tree:
>
> - markus at cvs.openbsd.org 2001/01/16 19:20:06
> [key.c ssh-rsa.c]
> make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
> galb at vandyke.com. note that you have to delete older ssh2-rsa keys,
> since they are in the wrong format, too. they must be removed from
> .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
> (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
> .ssh/authorized_keys2) additionally, we now check that
> BN_num_bits(rsa->n) >= 768.
>
>
> So keep this in mind. =) This has bitten me in a the ass already while
> trying to submit the whole ball of wax.
>
> I believe this means that if you use the standard key generation of
> OpenSSH you need to regenerate your keys. (Which I can't do quite yet. =)
>
> - Ben
>
More information about the openssh-unix-dev
mailing list