
Re: ECC


On Feb 15, 2014 8:06 AM, "Aris Adamantiadis" <aris@xxxxxxxxxxxx> wrote:
>
> Hi everybody,
>
> This is also my fault, I worked a lot on server side last year and never
> bothered checking if the server was accepting ecdsa keys.
> Regarding the API, is there any advantage in adding an option specific
> to ECDSA?
> I see there's already SSH_BIND_OPTIONS_HOSTKEY and if we follow
> OpenSSH's semantics:
>      HostKey
>              Specifies a file containing a private host key used by SSH.
>              The default is /etc/ssh/ssh_host_key for protocol version 1,
>              and /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
>              /etc/ssh/ssh_host_rsa_key for protocol version 2.  Note that
>              sshd(8) will refuse to use a file if it is group/world-accessible.
>              It is possible to have multiple host key files.  ``rsa1'' keys
>              are used for version 1 and ``dsa'', ``ecdsa'' or ``rsa'' are
>              used for version 2 of the SSH protocol.
> This option should also work with ecdsa, is standard (maps to an OpenSSH
> setting) and doesn't require the caller to know the type of key beforehand.
>
> Aris
>

With my last attempt, I had the assumption that, if you had settings for
DSA and RSA (with 2), you'd have one for ECDSA as well (which aligns itself
with OpenSSH's conventions, as stated above). I think that's the most
intuitive.

Alan: Thanks so much for submitting the patch. I don't have the familiarity
that comes with frequency-of-use, with OpenSSL.

Andreas: That's great. Hopefully your comments will take a bite out of the
behavior that we're seeing.

Dustin

References:
ECC, Dustin Oprea <myselfasunder@xxxxxxxxx>
Re: ECC, Andreas Schneider <asn@xxxxxxxxxxxxxx>
Re: ECC, Alan Dunn <amdunn@xxxxxxxxx>
Re: ECC, Andreas Schneider <asn@xxxxxxxxxxxxxx>
Re: ECC, Aris Adamantiadis <aris@xxxxxxxxxxxx>