Bugzilla – Bug 4568
support elliptic curve (ECDSA) host keys
Last modified: 2013-10-24 10:52:18
You need to
before you can comment on or make changes to this bug.
Currently we only fetch the RSA and DSA host keys from the agent's ssh server.
There are however other standards, most prominently ECDSA, that also are
Most distributions have this turned off because of patent concerns, but Ubuntu
ships with it enabled.
This causes problems for our client as ssh will pick the "best" key, which
might not be one of those we got from vsmmaster. This presents an ugly warning
in older clients, and can completely refuse the connection in current trunk
(see bug 2945).
Preferably we should fix this so all possible key types are supported, and not
just add ECDSA to the list.
Fixed in r27693 and r27694. Also removed sshlib in r27695 as this was the last
Verified using ThinLinc client build 4122 against Ubuntu 12.04 configured
to only use ECDSA hostkey which worked as expected.
Tested using 4.0 client failed, with "Processing SSH output: no hostkey alg"