Bug 23286

Summary: openssh is too verbose
Product: Base System
Reporter: sec <sec>
Component: bin
Assignee: Brian Feldman <green>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.1-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description: file.diff
Flags: none

Description sec 2000-12-05 00:20:00 UTC
The ssh binary in the FreeBSD base distribution is too verbose.
When ssh'ing to a host running an old ssh version it outputs:

| Warning: Server lies about size of server host key: actual size is 1023 bits vs. announced 1024.
| Warning: This may be due to an old implementation of ssh.

This has several problems:
- It is not possible to disable this without disabling ALL warnings.
  Disabling ALL warnings is obviously not a good idea for security-related
  products.
- It outputs this even in non-interactive mode, so I'm forced to modify
  automatic scripts to cater for this behaviour. This way the FreeBSD-4.x
  ssh is gratuitously incompatible with older versions.
- If users get exposed to meaningless warnings they quickly learn to ignore
  warnings. This is obviously a bad idea, as we want them to notice in case
  there is something we really need to warn the user about.

Fix: Cater explicitly for the 'one-bit-difference' case, and remove that now
meaningless 'This may be due to an old implementation' line.

How-To-Repeat:
ssh to a host with an old keysize length.

Comment 1 Doug Barton freebsd_committer freebsd_triage 2000-12-08 07:41:14 UTC
Responsible Changed
From-To: freebsd-bugs->green


Green is Mr. ssh
Comment 2 Brian Feldman freebsd_committer freebsd_triage 2001-02-19 21:52:55 UTC
State Changed
From-To: open->closed

This is an accurate warning, so I really think it should stay.  You're 
free to keep the change locally if it bugs you, of course, but it's 
useful to have the warning to know when we're dealing with a buggy 
server.  Thanks for submitting.