[PATCH] Make ssh-keyscan to fetch ECDSA keys by default



Hi, Dag-Erling,

Here is a patch from OpenBSD which makes ssh-keyscan fetch ECDSA
keys by default, to match the default hostkey algorithm.

Cheers,
--
Xin LI <delphij@xxxxxxxxxxx> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
Index: crypto/openssh/ssh-keyscan.c
===================================================================
--- crypto/openssh/ssh-keyscan.c (revision 237520)
+++ crypto/openssh/ssh-keyscan.c (working copy)
@@ -57,7 +57,7 @@ int ssh_port = SSH_DEFAULT_PORT;
#define KT_RSA 4
#define KT_ECDSA 8

-int get_keytypes = KT_RSA; /* Get only RSA keys by default */
+int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */

int hash_hosts = 0; /* Hash hostname on output */
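
Review bot: the changed `get_keytypes` initializer alters what a plain `ssh-keyscan host` run emits, yet the patch touches only crypto/openssh/ssh-keyscan.c; the default stated for `-t` in ssh-keyscan(1) should be updated in the same commit so the manual agrees with the new `KT_RSA|KT_ECDSA` default. Style on the added line: put spaces around `|` and whitespace before the trailing comment, as the removed line had (`int get_keytypes = KT_RSA | KT_ECDSA; /* ... */`). Callers that parse keyscan output without `-t` will now see an additional ECDSA line per host, which deserves a sentence in the commit message.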
