Re: sshd appears to be broken when both host rsa and dsa key file present

[Vincent Stemen <vince.dragonfly@xxxxxxxxxxx>]

On Sun, Jan 25, 2009 at 11:21:53PM -0800, Matthew Dillon wrote:
> 
> :> Seems like the import of openssh-5.1 reverted the order of the default
> :> hostkey algorithm proposal, which has been part of FreeBSD-local
> :> preferences for many years:
> :>   diff --git a/crypto/openssh-5/myproposal.h b/crypto/openssh-5/myproposal.h
> :>   index 8bdad7b..87a9e58 100644
> :>   --- a/crypto/openssh-5/myproposal.h
> :>   +++ b/crypto/openssh-5/myproposal.h
> :>   @@ -40,7 +40,7 @@
> :> 	  "diffie-hellman-group1-sha1"
> :>    #endif
> :>    
> :>   -#define KEX_DEFAULT_PK_ALG	"ssh-dss,ssh-rsa"
> :>   +#define	KEX_DEFAULT_PK_ALG	"ssh-rsa,ssh-dss"
> :>    #define	KEX_DEFAULT_ENCRYPT \
> :..
> :>   HostKeyAlgorithms	ssh-dsa,ssh-rsa
> :
> :This should read:
> :
> :   HostKeyAlgorithms	ssh-dss,ssh-rsa
> :
> :(-dss, not -dsa).
> :-- 
> :| Jeremy Chadwick                                jdc at parodius.com |
> 
>     That looks like a client-side solution, though, which doesn't
>     help fix the server-side defaults.
> 
>     Does changing KEX_DEFAULT_PK_ALG fix it on the server side?  If
>     so I think we may need to re-apply the local change.
> 
> 					-Matt
> 					Matthew Dillon 
> 					<dillon@backplane.com>

Would there really be any reason to change it back.  I assume they changed RSA
to being the default is because the patent is expired.  Also, according to my
notes,

    RSA is preferable in most cases, since DSA is slower
    and cannot encrypt in and of itself (DSA is a signing
    algorithm only).  RSA can be used to encrypt files.