search for: _path_host_key_file

It appears somewhat inconsistent to me that parameter HostKey is configurable on the server side but fixed on the client side. On the client, always _PATH_HOST_KEY_FILE, _PATH_HOST_DSA_KEY_FILE, _PATH_HOST_RSA_KEY_FILE are used (in this order), whereas on the server, the paths can be specified by up to three HostKey options as arbitrary names in arbitrary sequence. Similarly, option GlobalKnownHostsFile is configurable for the client only but fixed as _PATH_SSH_SY...

...erent code path. -- Iain Morgan diff --git a/ssh.c b/ssh.c index cceb36e..e32aa0a 100644 --- a/ssh.c +++ b/ssh.c @@ -1242,8 +1242,10 @@ main(int ac, char **av) sensitive_data.keys[i] = NULL; PRIV_START; +#ifdef WITH_SSH1 sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, _PATH_HOST_KEY_FILE, "", NULL, NULL); +#endif #ifdef OPENSSL_HAS_ECC sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL);

...H_MAX_IDENTITY_FILES]; + int group_private_key; /* Local TCP/IP forward requests. */ int num_local_forwards; --- ssh.c.orig Thu Nov 27 16:31:08 2003 +++ ssh.c Thu Nov 27 16:30:46 2003 @@ -634,11 +634,13 @@ PRIV_START; sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, - _PATH_HOST_KEY_FILE, "", NULL); + _PATH_HOST_KEY_FILE, "", NULL, options.group_private_key); sensitive_data.keys[1] = key_load_private_type(KEY_DSA, - _PATH_HOST_DSA_KEY_FILE, "", NULL); + _PATH_HOST_DSA_KEY_FILE, "", NULL, + options.group_private_key);...

...passphrase, comment); #endif /* WITH_SSH1 */ but ssh-keygen.c will still include RSA1: static void do_gen_all_hostkeys(struct passwd *pw) { struct { char *key_type; char *key_type_display; char *path; } key_types[] = { { "rsa1", "RSA1", _PATH_HOST_KEY_FILE }, which leads to runtime errors like: ssh-keygen: generating new host keys: RSA1 Saving key "/etc/ssh/ssh_host_key" failed: unknown or unsupported key type -- You are receiving this mail because: You are watching the assignee of the bug.

...R "/ssh_known_hosts2" /* * Of these, ssh_host_key must be readable only by root, whereas ssh_config * should be world-readable. */ ! #define _PATH_SERVER_CONFIG_FILE ETCDIR "/sshd_config" ! #define _PATH_HOST_CONFIG_FILE ETCDIR "/ssh_config" ! #define _PATH_HOST_KEY_FILE ETCDIR "/ssh_host_key" ! #define _PATH_HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key" ! #define _PATH_HOST_RSA_KEY_FILE ETCDIR "/ssh_host_rsa_key" #define _PATH_DH_MODULI ETCDIR "/moduli" /* Backwards compatibility */ #define _PATH_DH_PRIMES ETC...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the