Mailing List Archive

Recent change in readconf.c incorrectly prioritises DSA keys - openssh-portable only
Hi,

There was a recent change on the 4th Feb to readconf.c which moved DSA keys to the end
of the default list of public keys as they are deprecated. The change was made correctly
in openssh[1][2], however in openssh-portable[3] the RSA key was incorrectly moved to
the bottom of the list not the DSA key.

Also the openssh-portable commit references OpenBSD-Commit-ID
7e5d575cf4971d4e2de92e0b6d6efaba53598bf0. What does this refer to? I couldn't find a
corresponding commit in either the openbsd or openssh-portable git repositories.

[1] https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readconf.c.diff?r1=1.364&r2=1.365
[2] https://github.com/openbsd/src/commit/4344e82205068a1a91493f87bd6bd7f2fa92b25e
[3] https://github.com/openssh/openssh-portable/commit/ad16a84e64a8cf1c69c63de3fb9008320a37009c

Regards
Andrew

--
Andrew Fyfe
andrew@fyfe.gb.net
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Recent change in readconf.c incorrectly prioritises DSA keys - openssh-portable only
On Sun, 20 Feb 2022 at 06:16, Andrew Fyfe <andrew@fyfe.gb.net> wrote:
> There was a recent change on the 4th Feb to readconf.c which moved DSA keys to the end
> of the default list of public keys as they are deprecated. The change was made correctly
> in openssh[1][2], however in openssh-portable[3] the RSA key was incorrectly moved to
> the bottom of the list not the DSA key.

Thanks for spotting this! Now fixed.

> Also the openssh-portable commit references OpenBSD-Commit-ID
> 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0. What does this refer to? I couldn't find a
> corresponding commit in either the openbsd or openssh-portable git repositories.

It corresponds to a private git repo that just contains the OpenBSD
changes to usr.bin/ssh and regress/usr.bin/ssh that is used in the
syncing process. The repo is private only because we didn't think
it'd be of use to anyone else, not because it's special.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.