svn commit: r294495 - in head: . crypto/openssh

[Dag-Erling Smørgrav]

Author: des
Date: Thu Jan 21 11:10:14 2016
New Revision: 294495
URL: https://svnweb.freebsd.org/changeset/base/294495

Log:
  Enable DSA keys by default.  They were disabled in OpenSSH 6.9p1.
  
  Noticed by:   glebius

Modified:
  head/UPDATING
  head/crypto/openssh/myproposal.h   (contents, props changed)
  head/crypto/openssh/ssh_config.5
  head/crypto/openssh/sshd_config.5

Modified: head/UPDATING
==============================================================================
--- head/UPDATING       Thu Jan 21 10:57:45 2016        (r294494)
+++ head/UPDATING       Thu Jan 21 11:10:14 2016        (r294495)
@@ -32,10 +32,6 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11
        "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
 20160119:
-       The default configuration of ssh(1) no longer allows to use ssh-dss
-       keys.  To enable using them, add 'ssh-dss' to PubkeyAcceptedKeyTypes
-       option in the /etc/ssh/ssh_config.  Refer to ssh_config(5) for more
-       information.
        The NONE and HPN patches has been removed from OpenSSH.  They are
        still available in the security/openssh-portable port.
 

Modified: head/crypto/openssh/myproposal.h
==============================================================================
--- head/crypto/openssh/myproposal.h    Thu Jan 21 10:57:45 2016        
(r294494)
+++ head/crypto/openssh/myproposal.h    Thu Jan 21 11:10:14 2016        
(r294495)
@@ -1,4 +1,5 @@
 /* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */
+/* $FreeBSD$ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -99,9 +100,11 @@
        HOSTKEY_ECDSA_CERT_METHODS \
        "ssh-ed25519-cert-...@openssh.com," \
        "ssh-rsa-cert-...@openssh.com," \
+       "ssh-dss-cert-...@openssh.com," \
        HOSTKEY_ECDSA_METHODS \
        "ssh-ed25519," \
-       "ssh-rsa" \
+       "ssh-rsa," \
+       "ssh-dss"
 
 /* the actual algorithms */
 

Modified: head/crypto/openssh/ssh_config.5
==============================================================================
--- head/crypto/openssh/ssh_config.5    Thu Jan 21 10:57:45 2016        
(r294494)
+++ head/crypto/openssh/ssh_config.5    Thu Jan 21 11:10:14 2016        
(r294495)
@@ -798,8 +798,10 @@ ecdsa-sha2-nistp384-cert-...@openssh.com
 ecdsa-sha2-nistp521-cert-...@openssh.com,
 ssh-ed25519-cert-...@openssh.com,
 ssh-rsa-cert-...@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-...@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 The
@@ -821,8 +823,10 @@ ecdsa-sha2-nistp384-cert-...@openssh.com
 ecdsa-sha2-nistp521-cert-...@openssh.com,
 ssh-ed25519-cert-...@openssh.com,
 ssh-rsa-cert-...@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-...@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 If hostkeys are known for the destination host then this default is modified
@@ -1251,8 +1255,10 @@ ecdsa-sha2-nistp384-cert-...@openssh.com
 ecdsa-sha2-nistp521-cert-...@openssh.com,
 ssh-ed25519-cert-...@openssh.com,
 ssh-rsa-cert-...@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-...@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 The

Modified: head/crypto/openssh/sshd_config.5
==============================================================================
--- head/crypto/openssh/sshd_config.5   Thu Jan 21 10:57:45 2016        
(r294494)
+++ head/crypto/openssh/sshd_config.5   Thu Jan 21 11:10:14 2016        
(r294495)
@@ -657,8 +657,10 @@ ecdsa-sha2-nistp384-cert-...@openssh.com
 ecdsa-sha2-nistp521-cert-...@openssh.com,
 ssh-ed25519-cert-...@openssh.com,
 ssh-rsa-cert-...@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-...@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 The
@@ -752,8 +754,10 @@ ecdsa-sha2-nistp384-cert-...@openssh.com
 ecdsa-sha2-nistp521-cert-...@openssh.com,
 ssh-ed25519-cert-...@openssh.com,
 ssh-rsa-cert-...@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-...@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 The list of available key types may also be obtained using the
@@ -1355,8 +1359,10 @@ ecdsa-sha2-nistp384-cert-...@openssh.com
 ecdsa-sha2-nistp521-cert-...@openssh.com,
 ssh-ed25519-cert-...@openssh.com,
 ssh-rsa-cert-...@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-dss-cert-...@openssh.com,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
+ecdsa-sha2-nistp521,ssh-ed25519,
+ssh-rsa,ssh-dss
 .Ed
 .Pp
 The
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"