[Bug 1657] New: Server Authentication when both RSA and DSA are enabled (on the server)

bugzilla-daemon at bugzilla.mindrot.org
Fri Oct 2 06:49:02 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1657

           Summary: Server Authentication when both RSA and DSA are
                    enabled (on the server)
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: trivial
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: petfire85 at yahoo.fr


When the SSH server uses both RSA and DSA, currently (by default) the
OpenSSH client is obliged to know the RSA public key of the server. If
we change the preferred key in ssh_config with the HostKeyAlgorithms
option, we can choose DSA as the default key for server
authentication.

Currently, if the known_hosts file on the client has the RSA key of
the server and the client is configured to use the DSA key, the
server authentication will fail, because the SSH client searches only
for the default key of the server in the known_hosts file.

When we are in this situation, the OpenSSH client tells us that there
is a key corresponding to the remote host in the known_hosts file, but
this key is not the default configured for the client, so it doesn't
want to use it.

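The following is an added example, not part of the original report and not OpenSSH code: an audit check that flags hosts whose known_hosts entries do not include the key type the client prefers, which is the situation the report describes. It assumes the server offers both key types (so the first entry of HostKeyAlgorithms is the one negotiated), matches exact host names only, and skips hashed entries; the function names and the sample file contents are constructed for illustration.

```python
# Constructed known_hosts sample; the key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = """\
# comment line
server.example.org,192.0.2.10 ssh-rsa AAAAconstructedRSAblob
backup.example.org ssh-dss AAAAconstructedDSAblob
both.example.org ssh-rsa AAAAconstructedRSAblob2
both.example.org ssh-dss AAAAconstructedDSAblob2
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAconstructedHashedEntry
@revoked old.example.org ssh-rsa AAAAconstructedRevoked
"""


def stored_key_types(known_hosts_text, host):
    """Return the set of key types stored for an exact host name."""
    types = set()
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):
            continue  # @cert-authority / @revoked lines are not plain host keys
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue  # malformed line, or hashed host name we cannot compare
        if host in fields[0].split(","):
            types.add(fields[1])
    return types


def check_host(known_hosts_text, host, host_key_algorithms):
    """Classify a host against the client's HostKeyAlgorithms preference.

    Assumption: the server supports every listed type, so the first
    entry in the list is the host key type that gets negotiated.
    """
    preferred = host_key_algorithms.split(",")[0].strip()
    stored = stored_key_types(known_hosts_text, host)
    if not stored:
        return "unknown-host"
    if preferred in stored:
        return "ok"
    return "type-mismatch"  # a key is stored, but not of the preferred type


if __name__ == "__main__":
    for h in ("server.example.org", "backup.example.org", "both.example.org"):
        print(h, check_host(SAMPLE_KNOWN_HOSTS, h, "ssh-dss,ssh-rsa"))
```

A "type-mismatch" result means a key of the preferred type should be obtained and verified out of band before it is added, not accepted at the connection prompt.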