author | dtucker@openbsd.org <dtucker@openbsd.org> | 2022-02-04 03:49:17 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-02-07 02:27:48 +0100 |
commit | ad16a84e64a8cf1c69c63de3fb9008320a37009c (patch) | |
tree | b0f78df42ddbb154c544f1a0c75cc96b86cd6ba9 | |
parent | portable-specific string array constification (diff) | |
upstream: Since they are deprecated, move DSA to the end of the
default list of public keys so that they will be tried last. From github
PR#295 from "ProBackup-nl", ok djm@
OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0
-rw-r--r-- | readconf.c | 4 | ||||
-rw-r--r-- | ssh-add.1 | 8 | ||||
-rw-r--r-- | ssh-add.c | 4 | ||||
-rw-r--r-- | ssh.1 | 8 | ||||
-rw-r--r-- | ssh_config.5 | 8 |
5 files changed, 16 insertions, 16 deletions
diff --git a/readconf.c b/readconf.c
index 1c71c5ef0..79584e216 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.364 2021/12/19 22:14:47 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.365 2022/02/04 02:49:17 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2532,7 +2532,6 @@ fill_default_options(Options * options)
 options->add_keys_to_agent_lifespan = 0;
 }
 if (options->num_identity_files == 0) {
- add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
 #ifdef OPENSSL_HAS_ECC
 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
@@ -2544,6 +2543,7 @@ fill_default_options(Options * options)
 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ED25519_SK, 0);
 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0);
+ add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
 }
 if (options->escape_char == -1)
 options->escape_char = '~';
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-add.1,v 1.83 2021/12/22 06:56:41 jmc Exp $
+.\" $OpenBSD: ssh-add.1,v 1.84 2022/02/04 02:49:17 dtucker Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 22 2021 $
+.Dd $Mdocdate: February 4 2022 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -63,12 +63,12 @@ adds private key identities to the authentication agent,
 .Xr ssh-agent 1 .
 When run without arguments, it adds the files
 .Pa ~/.ssh/id_rsa ,
-.Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ecdsa_sk ,
 .Pa ~/.ssh/id_ed25519 ,
+.Pa ~/.ssh/id_ed25519_sk ,
 and
-.Pa ~/.ssh/id_ed25519_sk .
+.Pa ~/.ssh/id_dsa .
 After loading a private key,
 .Nm
 will try to load corresponding certificate information from the
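Review bot: In fill_default_options() in readconf.c (the hunks at -2532 and -2544), the line taken from the head of the list and re-added after the XMSS entry is the `_PATH_SSH_CLIENT_ID_RSA` one. As shown here, the DSA identity therefore stays in front and becomes the first default key tried, while RSA is tried last. That is the opposite of the commit message and of the ssh.1 and ssh_config.5 text changed in this same commit, which list id_rsa first and id_dsa last. The head of the list should keep `add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);` and the line appended after the XMSS entry should be `add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);`. The function body starts and ends outside both hunks.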
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.164 2022/01/14 03:43:48 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.165 2022/02/04 02:49:17 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -77,7 +77,6 @@ extern char *__progname;
 static char *default_files[] = {
 #ifdef WITH_OPENSSL
 _PATH_SSH_CLIENT_ID_RSA,
- _PATH_SSH_CLIENT_ID_DSA,
 #ifdef OPENSSL_HAS_ECC
 _PATH_SSH_CLIENT_ID_ECDSA,
 _PATH_SSH_CLIENT_ID_ECDSA_SK,
@@ -86,6 +85,7 @@ static char *default_files[] = {
 _PATH_SSH_CLIENT_ID_ED25519,
 _PATH_SSH_CLIENT_ID_ED25519_SK,
 _PATH_SSH_CLIENT_ID_XMSS,
+ _PATH_SSH_CLIENT_ID_DSA,
 NULL
 };
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.427 2021/09/10 10:26:02 dtucker Exp $
-.Dd $Mdocdate: September 10 2021 $
+.\" $OpenBSD: ssh.1,v 1.428 2022/02/04 02:49:17 dtucker Exp $
+.Dd $Mdocdate: February 4 2022 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -298,13 +298,13 @@ private key that is loaded in
 .Xr ssh-agent 1
 when the private key file is not present locally.
 The default is
-.Pa ~/.ssh/id_dsa ,
+.Pa ~/.ssh/id_rsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ecdsa_sk ,
 .Pa ~/.ssh/id_ed25519 ,
 .Pa ~/.ssh/id_ed25519_sk
 and
-.Pa ~/.ssh/id_rsa .
+.Pa ~/.ssh/id_dsa .
 Identity files may also be specified on a per-host basis in the configuration file.
 It is possible to have multiple
diff --git a/ssh_config.5 b/ssh_config.5
index dd223a844..adf177e33 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.367 2021/11/10 06:29:25 djm Exp $
-.Dd $Mdocdate: November 10 2021 $
+.\" $OpenBSD: ssh_config.5,v 1.368 2022/02/04 02:49:17 dtucker Exp $
+.Dd $Mdocdate: February 4 2022 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
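Review bot: In the `default_files[]` array of ssh-add.c, `_PATH_SSH_CLIENT_ID_DSA` leaves its place next to the RSA entry, which the first hunk shows under `#ifdef WITH_OPENSSL`, and lands after `_PATH_SSH_CLIENT_ID_XMSS` in the second hunk. The lines between the two hunks are not shown, but if the `#endif` for WITH_OPENSSL falls there, the DSA path is now compiled in unconditionally. A build without OpenSSL would then presumably still try the DSA default file when ssh-add runs without arguments. Keeping the guard on the moved entry avoids that: `#ifdef WITH_OPENSSL`, `_PATH_SSH_CLIENT_ID_DSA,`, `#endif`, placed directly before `NULL`. The array definition spans both hunks.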
@@ -1012,13 +1012,13 @@ section.
 Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
 The default is
-.Pa ~/.ssh/id_dsa ,
+.Pa ~/.ssh/id_rsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ecdsa_sk ,
 .Pa ~/.ssh/id_ed25519 ,
 .Pa ~/.ssh/id_ed25519_sk
 and
-.Pa ~/.ssh/id_rsa .
+.Pa ~/.ssh/id_dsa .
 Additionally, any identities represented by the authentication agent will be used for authentication unless
 .Cm IdentitiesOnly |