DragonFly bugs List (threaded) for 2009-01
Re: sshd appears to be broken when both host rsa and dsa key file present
On Mon, Jan 26, 2009 at 06:02:03PM +0100, Simon 'corecode' Schubert wrote:
> Matthew Dillon wrote:
> > :Would there really be any reason to change it back. I assume they changed RSA
> > :to being the default is because the patent is expired. Also, according to my
> > :notes,
> > :
> > : RSA is preferable in most cases, since DSA is slower
> > : and cannot encrypt in and of itself (DSA is a signing
> > : algorithm only). RSA can be used to encrypt files.
> > Yes, because ssh will unexpectedly stop working in automated scripts
> > if we change the default as the related keys will not be in the
> > known_hosts file.
> The real question for me is, why is the server only offering one key
> or why is the client not checking for the DSA key it already knows?
On 2.0-RELEASE, ssh client and server are patched so that the server
by default offers only DSA host key, and the client prefers DSA host key
On -DEVELOPMENT, they aren't.
You don't have this problem when you try to slogin from a -DEVELOPMENT box
to a 2.0-RELEASE box, because the server doesn't offer RSA host key
You don't have this problem when you try to slogin from a 2.0-RELEASE box
to a -DEVELOPMENT box, because the client prefers DSA over RSA.
You DO have this problem when you try slogin'ing from -DEVEL to -DEVEL,
as the server offers both keys AND the client prefers RSA over DSA.
Which algorithm to use is determined based on the proposal, before looking
at your known_hosts file, hence the warning. If I understand the code
correctly, of course.