Andrew Fyfe
2022-Feb-19 19:07 UTC
Recent change in readconf.c incorrectly prioritises DSA keys - openssh-portable only
Hi, There was a recent change on the 4th Feb to readconf.c which moved DSA keys to the end of the default list of public keys as they are deprecated. The change was made correctly in openssh[1][2], however in openssh-portable[3] the RSA key was incorrectly moved to the bottom of the list not the DSA key. Also the openssh-portable commit references OpenBSD-Commit-ID 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0. What does this refer to? I couldn't find a corresponding commit in either the openbsd or openssh-portable git repositories. [1] https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readconf.c.diff?r1=1.364&r2=1.365 [2] https://github.com/openbsd/src/commit/4344e82205068a1a91493f87bd6bd7f2fa92b25e [3] https://github.com/openssh/openssh-portable/commit/ad16a84e64a8cf1c69c63de3fb9008320a37009c Regards Andrew -- Andrew Fyfe andrew at fyfe.gb.net
Darren Tucker
2022-Feb-20 02:36 UTC
Recent change in readconf.c incorrectly prioritises DSA keys - openssh-portable only
On Sun, 20 Feb 2022 at 06:16, Andrew Fyfe <andrew at fyfe.gb.net> wrote:> There was a recent change on the 4th Feb to readconf.c which moved DSA keys to the end > of the default list of public keys as they are deprecated. The change was made correctly > in openssh[1][2], however in openssh-portable[3] the RSA key was incorrectly moved to > the bottom of the list not the DSA key.Thanks for spotting this! Now fixed.> Also the openssh-portable commit references OpenBSD-Commit-ID > 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0. What does this refer to? I couldn't find a > corresponding commit in either the openbsd or openssh-portable git repositories.It corresponds to a private git repo that just contains the OpenBSD changes to usr.bin/ssh and regress/usr.bin/ssh that is used in the syncing process. The repo is private only because we didn't think it'd be of use to anyone else, not because it's special. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.