problem moving hostkey from ssh version 3.5p1 to 3.8p
Darren Tucker
dtucker at zip.com.au
Tue Jul 19 10:16:29 EST 2005
Hari Bhaskaran wrote:
> Hi,
>
> I am trying to upgrade from OpenSSH_3.5p1 FreeBSD 4.8 to
> OpenSSH_3.8p1 (Suse 9.1). Although the host RSA and DSA
> keys have been copied over from the old to the new machine, Linux ssh
> clients (3.8p1) still bring up the new-key alert. ssh clients
> from FreeBSD machines till OpenSSH_3.6.1p1 work fine with
> the setup (without the new-key alert).
>
> ssh -vv shows Linux clients are looking for type 0 and type 2 keys and
> FreeBSD ones are looking for type 0 and type 1 keys.

Type 0 keys are protocol 1 RSA, type 1 are protocol 2 RSA and type 3 are
protocol 2 DSA.

> Is this some known incompatibility between ssh 3.6 vs 3.8 or something
> between Linux vs FreeBSD?

Probably not. The host key type is selected on the client side (see
"HostKeyAlgorithms" in ssh_config), just change your clients to suit. I
don't think the default has changed for a long time (in the main code,
anyway, FreeBSD may have done something differently).

If changing the clients is a big hassle you could disable the DSA key in
sshd_config (specify 2 HostKey entries, one for RSA1 and one for RSA2).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
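
Added example, not part of the original message or of OpenSSH: a simplified Python model of why a client can raise the new-key alert even though the host keys were copied over, and why either fix mentioned in the reply removes it. It assumes protocol 2 negotiation picks the first algorithm on the client's HostKeyAlgorithms list that the server has a key for, and that the client then looks up only that key type in known_hosts; the host names, key blobs and function names are constructed for illustration.

```python
# Added example: simplified model of SSH protocol 2 host key selection.
# Host names and key blobs are constructed placeholders, not real keys.
# Assumption: known_hosts host fields are plain names (no patterns or hashing).

def known_key_types(known_hosts_text, host):
    """Return the set of protocol 2 key types recorded for host."""
    types = set()
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1].isdigit():
            continue  # malformed, or a protocol 1 entry (bits exponent modulus)
        if host in fields[0].split(","):
            types.add(fields[1])
    return types


def negotiate(client_prefs, server_types):
    """First algorithm on the client's list that the server also offers."""
    for alg in client_prefs:
        if alg in server_types:
            return alg
    return None


def predict(known_hosts_text, host, client_prefs, server_types):
    """Return (algorithm, status): 'known', 'new-key-prompt' or 'no-match'."""
    alg = negotiate(client_prefs, server_types)
    if alg is None:
        return None, "no-match"
    if alg in known_key_types(known_hosts_text, host):
        return alg, "known"
    return alg, "new-key-prompt"


KNOWN_HOSTS = """\
# constructed sample: only the RSA key of server.example.org was ever accepted
server.example.org,192.0.2.10 ssh-rsa CONSTRUCTED-RSA-BLOB
other.example.org ssh-dss CONSTRUCTED-DSA-BLOB
"""
SERVER_KEYS = {"ssh-rsa", "ssh-dss"}  # server offers both protocol 2 keys

if __name__ == "__main__":
    for prefs in (["ssh-rsa", "ssh-dss"], ["ssh-dss", "ssh-rsa"]):
        print(prefs, predict(KNOWN_HOSTS, "server.example.org", prefs, SERVER_KEYS))
    # Server-side alternative: DSA HostKey disabled, client preference unchanged.
    print(predict(KNOWN_HOSTS, "server.example.org", ["ssh-dss", "ssh-rsa"], {"ssh-rsa"}))
```

A client that prefers ssh-dss gets the prompt because its known_hosts holds only the ssh-rsa key; changing the client preference or removing the DSA key on the server both lead back to the stored key.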