upstream: Since they are deprecated, move DSA to the end of the

default list of public keys so that they will be tried last.  From github
PR#295 from "ProBackup-nl", ok djm@

OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0

diff --git a/readconf.c b/readconf.c
index 1c71c5ef000b2d684c4b1af5d90868306f82d333..79584e216fb0fe9941dc0b726a5cd875fc77b0db 100644 (file)
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.364 2021/12/19 22:14:47 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.365 2022/02/04 02:49:17 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2532,7 +2532,6 @@ fill_default_options(Options * options)
                options->add_keys_to_agent_lifespan = 0;
        }
        if (options->num_identity_files == 0) {
-               add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
                add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
 #ifdef OPENSSL_HAS_ECC
                add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
@@ -2544,6 +2543,7 @@ fill_default_options(Options * options)
                add_identity_file(options, "~/",
                    _PATH_SSH_CLIENT_ID_ED25519_SK, 0);
                add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0);
+               add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
        }
        if (options->escape_char == -1)
                options->escape_char = '~';

diff --git a/ssh-add.1 b/ssh-add.1
index 9d39a6262559aae878e8595391866b946495b99a..4601f5981cd3490b2c0b37e4d4ecfe8c91e37f07 100644 (file)
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: ssh-add.1,v 1.83 2021/12/22 06:56:41 jmc Exp $
+.\"    $OpenBSD: ssh-add.1,v 1.84 2022/02/04 02:49:17 dtucker Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 22 2021 $
+.Dd $Mdocdate: February 4 2022 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -63,12 +63,12 @@ adds private key identities to the authentication agent,
 .Xr ssh-agent 1 .
 When run without arguments, it adds the files
 .Pa ~/.ssh/id_rsa ,
-.Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ecdsa_sk ,
 .Pa ~/.ssh/id_ed25519 ,
+.Pa ~/.ssh/id_ed25519_sk ,
 and
-.Pa ~/.ssh/id_ed25519_sk .
+.Pa ~/.ssh/id_dsa .
 After loading a private key,
 .Nm
 will try to load corresponding certificate information from the

diff --git a/ssh-add.c b/ssh-add.c
index 4a6f5e1412668492a4d5b2f9b9472680abcd070e..7555477482766e4464ab92bcbf19a879fe28d4f1 100644 (file)
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.164 2022/01/14 03:43:48 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.165 2022/02/04 02:49:17 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -77,7 +77,6 @@ extern char *__progname;
 static char *default_files[] = {
 #ifdef WITH_OPENSSL
        _PATH_SSH_CLIENT_ID_RSA,
-       _PATH_SSH_CLIENT_ID_DSA,
 #ifdef OPENSSL_HAS_ECC
        _PATH_SSH_CLIENT_ID_ECDSA,
        _PATH_SSH_CLIENT_ID_ECDSA_SK,
@@ -86,6 +85,7 @@ static char *default_files[] = {
        _PATH_SSH_CLIENT_ID_ED25519,
        _PATH_SSH_CLIENT_ID_ED25519_SK,
        _PATH_SSH_CLIENT_ID_XMSS,
+       _PATH_SSH_CLIENT_ID_DSA,
        NULL
 };
 

diff --git a/ssh.1 b/ssh.1
index 7efb23828dc72f960697d03a57b28112e2f02f43..6f29a0670442fded2255457c7a85ce8ce3b41b8d 100644 (file)
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.427 2021/09/10 10:26:02 dtucker Exp $
-.Dd $Mdocdate: September 10 2021 $
+.\" $OpenBSD: ssh.1,v 1.428 2022/02/04 02:49:17 dtucker Exp $
+.Dd $Mdocdate: February 4 2022 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -298,13 +298,13 @@ private key that is loaded in
 .Xr ssh-agent 1
 when the private key file is not present locally.
 The default is
-.Pa ~/.ssh/id_dsa ,
+.Pa ~/.ssh/id_rsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ecdsa_sk ,
 .Pa ~/.ssh/id_ed25519 ,
 .Pa ~/.ssh/id_ed25519_sk
 and
-.Pa ~/.ssh/id_rsa .
+.Pa ~/.ssh/id_dsa .
 Identity files may also be specified on
 a per-host basis in the configuration file.
 It is possible to have multiple

diff --git a/ssh_config.5 b/ssh_config.5
index dd223a844187de8a2fcd624b4011c094ac037244..adf177e33b15bc8bd52b5755663aeef418ff0664 100644 (file)
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.367 2021/11/10 06:29:25 djm Exp $
-.Dd $Mdocdate: November 10 2021 $
+.\" $OpenBSD: ssh_config.5,v 1.368 2022/02/04 02:49:17 dtucker Exp $
+.Dd $Mdocdate: February 4 2022 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1012,13 +1012,13 @@ section.
 Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
 Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
 The default is
-.Pa ~/.ssh/id_dsa ,
+.Pa ~/.ssh/id_rsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ecdsa_sk ,
 .Pa ~/.ssh/id_ed25519 ,
 .Pa ~/.ssh/id_ed25519_sk
 and
-.Pa ~/.ssh/id_rsa .
+.Pa ~/.ssh/id_dsa .
 Additionally, any identities represented by the authentication agent
 will be used for authentication unless
 .Cm IdentitiesOnly