openssh unix dev - Jul 2005 - problem moving hostkey from ssh version 3.5p1 to 3.8p

Hi,

I am trying to upgrade from OpenSSH_3.5p1 FreeBSD 4.8 to 
OpenSSH_3.8p1 (Suse 9.1). Although the host rsa and dsa
keys have been copied over from old to new machine, linux ssh
clients (3.8p1) still bring up the new-key alert. ssh clients
from freebsd machines till OpenSSH_3.6.1p1 work fine with 
the setup (without the new key alert)

ssh -vv shows linux clients are looking for type 0 and type 2 key and
freebsd ones are looking for type 0 and type 1 keys

Is this some known incompatibility between ssh 3.6 vs 3.8 or something
between linux vs freebsd?

Any help is appreciated
Thank you.

Hari Bhaskaran wrote:
> Hi,
> 
> I am trying to upgrade from OpenSSH_3.5p1 FreeBSD 4.8 to 
> OpenSSH_3.8p1 (Suse 9.1). Although the host rsa and dsa
> keys have been copied over from old to new machine, linux ssh
> clients (3.8p1) still bring up the new-key alert. ssh clients
> from freebsd machines till OpenSSH_3.6.1p1 work fine with 
> the setup (without the new key alert)
> 
> ssh -vv shows linux clients are looking for type 0 and type 2 key and
> freebsd ones are looking for type 0 and type 1 keys
Type 0 keys are protocol 1 RSA, type 1 are protocol 2 RSA and type 3 are 
protocol 2 DSA.
> Is this some known incompatibility between ssh 3.6 vs 3.8 or something
> between linux vs freebsd?
Probably not.  The host key type is selected on the client side (see 
"HostKeyAlgorithms" in ssh_config), just change your clients to suit. 
I
don't think the default has changed for a long time (in the main code, 
anyway, FreeBSD may have done something differently).

If changing the clients is a big hassle you could disable the DSA key in 
sshd_config (specify 2 HostKey entries, one for RSA1 and one for RSA2).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.