mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-25 03:12:10 +00:00
upstream: Since they are deprecated, move DSA to the end of the
default list of public keys so that they will be tried last. From github PR#295 from "ProBackup-nl", ok djm@ OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0
This commit is contained in:
parent
253de42753
commit
ad16a84e64
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: readconf.c,v 1.364 2021/12/19 22:14:47 djm Exp $ */
|
||||
/* $OpenBSD: readconf.c,v 1.365 2022/02/04 02:49:17 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -2532,7 +2532,6 @@ fill_default_options(Options * options)
|
||||
options->add_keys_to_agent_lifespan = 0;
|
||||
}
|
||||
if (options->num_identity_files == 0) {
|
||||
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
|
||||
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
|
||||
@ -2544,6 +2543,7 @@ fill_default_options(Options * options)
|
||||
add_identity_file(options, "~/",
|
||||
_PATH_SSH_CLIENT_ID_ED25519_SK, 0);
|
||||
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0);
|
||||
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
|
||||
}
|
||||
if (options->escape_char == -1)
|
||||
options->escape_char = '~';
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ssh-add.1,v 1.83 2021/12/22 06:56:41 jmc Exp $
|
||||
.\" $OpenBSD: ssh-add.1,v 1.84 2022/02/04 02:49:17 dtucker Exp $
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -35,7 +35,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: December 22 2021 $
|
||||
.Dd $Mdocdate: February 4 2022 $
|
||||
.Dt SSH-ADD 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -63,12 +63,12 @@ adds private key identities to the authentication agent,
|
||||
.Xr ssh-agent 1 .
|
||||
When run without arguments, it adds the files
|
||||
.Pa ~/.ssh/id_rsa ,
|
||||
.Pa ~/.ssh/id_dsa ,
|
||||
.Pa ~/.ssh/id_ecdsa ,
|
||||
.Pa ~/.ssh/id_ecdsa_sk ,
|
||||
.Pa ~/.ssh/id_ed25519 ,
|
||||
.Pa ~/.ssh/id_ed25519_sk ,
|
||||
and
|
||||
.Pa ~/.ssh/id_ed25519_sk .
|
||||
.Pa ~/.ssh/id_dsa .
|
||||
After loading a private key,
|
||||
.Nm
|
||||
will try to load corresponding certificate information from the
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssh-add.c,v 1.164 2022/01/14 03:43:48 djm Exp $ */
|
||||
/* $OpenBSD: ssh-add.c,v 1.165 2022/02/04 02:49:17 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -77,7 +77,6 @@ extern char *__progname;
|
||||
static char *default_files[] = {
|
||||
#ifdef WITH_OPENSSL
|
||||
_PATH_SSH_CLIENT_ID_RSA,
|
||||
_PATH_SSH_CLIENT_ID_DSA,
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
_PATH_SSH_CLIENT_ID_ECDSA,
|
||||
_PATH_SSH_CLIENT_ID_ECDSA_SK,
|
||||
@ -86,6 +85,7 @@ static char *default_files[] = {
|
||||
_PATH_SSH_CLIENT_ID_ED25519,
|
||||
_PATH_SSH_CLIENT_ID_ED25519_SK,
|
||||
_PATH_SSH_CLIENT_ID_XMSS,
|
||||
_PATH_SSH_CLIENT_ID_DSA,
|
||||
NULL
|
||||
};
|
||||
|
||||
|
8
ssh.1
8
ssh.1
@ -33,8 +33,8 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.427 2021/09/10 10:26:02 dtucker Exp $
|
||||
.Dd $Mdocdate: September 10 2021 $
|
||||
.\" $OpenBSD: ssh.1,v 1.428 2022/02/04 02:49:17 dtucker Exp $
|
||||
.Dd $Mdocdate: February 4 2022 $
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -298,13 +298,13 @@ private key that is loaded in
|
||||
.Xr ssh-agent 1
|
||||
when the private key file is not present locally.
|
||||
The default is
|
||||
.Pa ~/.ssh/id_dsa ,
|
||||
.Pa ~/.ssh/id_rsa ,
|
||||
.Pa ~/.ssh/id_ecdsa ,
|
||||
.Pa ~/.ssh/id_ecdsa_sk ,
|
||||
.Pa ~/.ssh/id_ed25519 ,
|
||||
.Pa ~/.ssh/id_ed25519_sk
|
||||
and
|
||||
.Pa ~/.ssh/id_rsa .
|
||||
.Pa ~/.ssh/id_dsa .
|
||||
Identity files may also be specified on
|
||||
a per-host basis in the configuration file.
|
||||
It is possible to have multiple
|
||||
|
@ -33,8 +33,8 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh_config.5,v 1.367 2021/11/10 06:29:25 djm Exp $
|
||||
.Dd $Mdocdate: November 10 2021 $
|
||||
.\" $OpenBSD: ssh_config.5,v 1.368 2022/02/04 02:49:17 dtucker Exp $
|
||||
.Dd $Mdocdate: February 4 2022 $
|
||||
.Dt SSH_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -1012,13 +1012,13 @@ section.
|
||||
Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
|
||||
Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
|
||||
The default is
|
||||
.Pa ~/.ssh/id_dsa ,
|
||||
.Pa ~/.ssh/id_rsa ,
|
||||
.Pa ~/.ssh/id_ecdsa ,
|
||||
.Pa ~/.ssh/id_ecdsa_sk ,
|
||||
.Pa ~/.ssh/id_ed25519 ,
|
||||
.Pa ~/.ssh/id_ed25519_sk
|
||||
and
|
||||
.Pa ~/.ssh/id_rsa .
|
||||
.Pa ~/.ssh/id_dsa .
|
||||
Additionally, any identities represented by the authentication agent
|
||||
will be used for authentication unless
|
||||
.Cm IdentitiesOnly
|
||||
|
Loading…
Reference in New Issue
Block a user