Odd messages after upgrade

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hey all, I just upgraded to the latest 4.1-portable openssh, and now
when trying to log into my system I get the following:

danm@box:/etc/ssh$ ssh danm@prime.gushi.org
WARNING: DSA key found for host prime.gushi.org
in /home/danm/.ssh/known_hosts:1
DSA key fingerprint d9:07:d0:eb:89:3d:04:73:33:e8:05:1c:6d:06:af:6b.
The authenticity of host 'prime.gushi.org (' can't be
but keys of different type are already known for this host.
RSA key fingerprint is ed:53:bd:52:65:9d:9d:9f:e8:bf:71:2a:82:03:1b:38.
Are you sure you want to continue connecting (yes/no)?

I have *always* had DSA *and* RSA keys available.  Does the upgrade
cause the server to offer the keys in a different order of some sort?

Is there any way I can force the thing to go back to its old behavior?

Is one key type inherently better than another for some reason?

Email to gushi at domain gushi.org is also helpful.


Re: Odd messages after upgrade

Quoted text here. Click to load it

This is what you should be looking at. In /home/danm/.ssh/known_hosts,
line 1 you have an entry for your server. When you installed the new
openssh you installed a new set of keys on the server. They then do not
match the old "fingerprint" you had in the ~/.ssh/known_hosts file.

Quoted text here. Click to load it

Stein Arne

Re: Odd messages after upgrade

No my question was as to why the behavior changed.  My keys did NOT
change, but suddenly sshd was offering out the RSA key instead of the
DSA key.

This is apparently because FreeBSD's sshd is patched to prefer the DSA
key, and by default it seems doesn't even load the RSA key -- normal
openssh prefers the RSA key.

See this thread for mroe details:


It appears there's no config file option I can set to make
openssh-portable prefer the RSA key.

Site Timeline