www.cendio.com
Bug 4568 - support elliptic curve (ECDSA) host keys
: support elliptic curve (ECDSA) host keys
Status: CLOSED FIXED
: ThinLinc
VSM Agent
: trunk
: PC Unknown
: P2 Normal
: 4.1.1
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2013-03-28 12:29 by
Modified: 2013-10-24 10:52 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2013-03-28 12:29:38
Currently we only fetch the RSA and DSA host keys from the agent's ssh server.
There are however other standards, most prominently ECDSA, that also are
available.

Most distributions have this turned off because of patent concerns, but Ubuntu
ships with it enabled.

This causes problems for our client as ssh will pick the "best" key, which
might not be one of those we got from vsmmaster. This presents an ugly warning
in older clients, and can completely refuse the connection in current trunk
(see bug 2945).


Preferably we should fix this so all possible key types are supported, and not
just add ECDSA to the list.
------- Comment #1 From cendio 2013-07-17 15:52:26 -------
Fixed in r27693 and r27694. Also removed sshlib in r27695 as this was the last
user.
------- Comment #2 From cendio 2013-10-22 14:08:07 -------
Verified using ThinLinc client build 4122 against Ubuntu 12.04 configured
to only use ECDSA hostkey which worked as expected.

Tested using 4.0 client failed, with "Processing SSH output: no hostkey alg"