Re: ECC
- Subject: Re: ECC
- From: Dustin Oprea <myselfasunder@xxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sat, 15 Feb 2014 09:44:10 -0500
- To: libssh <libssh@xxxxxxxxxx>
On Feb 15, 2014 8:06 AM, "Aris Adamantiadis" <aris@xxxxxxxxxxxx> wrote:
>
> Hi everybody,
>
> This is also my fault, I worked a lot on server side last year and never
> bothered checking if the server was accepting ecdsa keys.
> Regarding the API, is there any advantage in adding an option specific
> to ECDSA ?
> I see there's already SSH_BIND_OPTIONS_HOSTKEY and if we follow
> OpenSSH's semantics:
> HostKey
>     Specifies a file containing a private host key used by SSH. The
>     default is /etc/ssh/ssh_host_key for protocol version 1, and
>     /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
>     /etc/ssh/ssh_host_rsa_key for protocol version 2. Note that
>     sshd(8) will refuse to use a file if it is group/world-accessible.
>     It is possible to have multiple host key files. ``rsa1'' keys are
>     used for version 1 and ``dsa'', ``ecdsa'' or ``rsa'' are used for
>     version 2 of the SSH protocol.
> This option should also work with ecdsa, is standard (maps to an openssh
> settings) and doesn't require the caller to know the type of key beforehand.
>
> Aris
>

With my last attempt, I had the assumption that, if you had settings for DSA and RSA (with 2), you'd have one for ECDSA as well (which aligns itself with OpenSSH's conventions, as stated above). I think that's the most intuitive.

Alan: Thanks so much for submitting the patch. I don't have the familiarity that comes with frequency-of-use, with OpenSSL.

Andreas: That's great. Hopefully your comments will take a bite out of the behavior that we're seeing.

Dustin