Hari Bhaskaran
2005-Jul-18 23:46 UTC
problem moving hostkey from ssh version 3.5p1 to 3.8p
Hi,

I am trying to upgrade from OpenSSH_3.5p1 FreeBSD 4.8 to OpenSSH_3.8p1 (Suse 9.1). Although the host rsa and dsa keys have been copied over from old to new machine, linux ssh clients (3.8p1) still bring up the new-key alert. ssh clients from freebsd machines till OpenSSH_3.6.1p1 work fine with the setup (without the new key alert).

ssh -vv shows linux clients are looking for type 0 and type 2 key and freebsd ones are looking for type 0 and type 1 keys.

Is this some known incompatibility between ssh 3.6 vs 3.8 or something between linux vs freebsd?

Any help is appreciated.

Thank you.

Hari Bhaskaran wrote:
> Hi,
>
> I am trying to upgrade from OpenSSH_3.5p1 FreeBSD 4.8 to
> OpenSSH_3.8p1 (Suse 9.1). Although the host rsa and dsa
> keys have been copied over from old to new machine, linux ssh
> clients (3.8p1) still bring up the new-key alert. ssh clients
> from freebsd machines till OpenSSH_3.6.1p1 work fine with
> the setup (without the new key alert)
>
> ssh -vv shows linux clients are looking for type 0 and type 2 key and
> freebsd ones are looking for type 0 and type 1 keys

Type 0 keys are protocol 1 RSA, type 1 are protocol 2 RSA and type 3 are protocol 2 DSA.

> Is this some known incompatibility between ssh 3.6 vs 3.8 or something
> between linux vs freebsd?

Probably not. The host key type is selected on the client side (see "HostKeyAlgorithms" in ssh_config), just change your clients to suit. I don't think the default has changed for a long time (in the main code, anyway, FreeBSD may have done something differently).

If changing the clients is a big hassle you could disable the DSA key in sshd_config (specify 2 HostKey entries, one for RSA1 and one for RSA2).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
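
The client-side selection described in the reply above, as an added example that is not part of the original thread: a simplified model of protocol 2 host key negotiation that reports which key type a client ends up checking and whether known_hosts already holds an entry of that type. The host names, key blobs and function names are constructed for illustration, and wildcard or hashed host patterns are not handled.

```python
# Added example: constructed data and hypothetical helper names.
KNOWN_HOSTS = """\
# constructed sample entries; key blobs are placeholders, not real keys
newbox.example.org,192.0.2.10 ssh-dss PLACEHOLDERKEYBLOB
oldbox.example.org ssh-rsa PLACEHOLDERKEYBLOB
oldbox.example.org 1024 35 1234567890123
"""

def known_key_types(text, host):
    """Return the set of key types recorded for host in known_hosts text."""
    types = set()
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, @markers and hashed (|1|...) host entries.
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3 or host not in fields[0].split(","):
            continue
        # Protocol 1 lines have the form "host bits exponent modulus".
        types.add("rsa1" if fields[1].isdigit() else fields[1])
    return types

def negotiate(client_prefs, server_offers):
    """First algorithm in the client's ordered list that the server offers."""
    for alg in client_prefs:
        if alg in server_offers:
            return alg
    return None

def diagnose(text, host, client_prefs, server_offers):
    """Return (negotiated algorithm, 'known' or 'unknown') for one client."""
    alg = negotiate(client_prefs, server_offers)
    if alg is None:
        return (None, "no common host key algorithm")
    if alg in known_key_types(text, host):
        return (alg, "known")
    # No stored key of the negotiated type: the client shows the new-key alert.
    return (alg, "unknown")

if __name__ == "__main__":
    server = {"ssh-rsa", "ssh-dss"}
    for prefs in (["ssh-rsa", "ssh-dss"], ["ssh-dss", "ssh-rsa"]):
        print(prefs, diagnose(KNOWN_HOSTS, "newbox.example.org", prefs, server))
```

Feeding it each client's actual HostKeyAlgorithms order and known_hosts contents shows which clients will prompt before the server is switched over.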