Bug 4568 - support elliptic curve (ECDSA) host keys
Summary: support elliptic curve (ECDSA) host keys
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VSM Agent (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.1.1
Assignee: Pierre Ossman
URL:
Keywords: hean01_tester, relnotes
Depends on:
Blocks:
 
Reported: 2013-03-28 12:29 CET by Pierre Ossman
Modified: 2013-10-24 10:52 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio 2013-03-28 12:29:38 CET 
Currently we only fetch the RSA and DSA host keys from the agent's ssh server. There are however other standards, most prominently ECDSA, that also are available.

Most distributions have this turned off because of patent concerns, but Ubuntu ships with it enabled.

This causes problems for our client as ssh will pick the "best" key, which might not be one of those we got from vsmmaster. This presents an ugly warning in older clients, and can completely refuse the connection in current trunk (see bug 2945).


Preferably we should fix this so all possible key types are supported, and not just add ECDSA to the list.
Comment 1 Pierre Ossman cendio 2013-07-17 15:52:26 CEST 
Fixed in r27693 and r27694. Also removed sshlib in r27695 as this was the last user.
Comment 2 Henrik Andersson cendio 2013-10-22 14:08:07 CEST 
Verified using ThinLinc client build 4122 against Ubuntu 12.04 configured
to only use ECDSA hostkey which worked as expected.

Tested using 4.0 client failed, with "Processing SSH output: no hostkey alg"
Note You need to log in before you can comment on or make changes to this bug.