From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
To: 9fans@cse.psu.edu
Subject: Re: [9fans] backwards-incompatible changes
From: "Russ Cox"
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Date: Tue, 25 Mar 2003 20:35:47 -0500
Topicbox-Message-UUID: 8428b574-eacb-11e9-9e20-41e7f4b1d025

A few more notes.

If you're running a straight terminal out of the box,
the only point that affects you is the SSH client key renaming.

To be more explicit about how to make the RSA changes:

* If you use SSH to connect to other systems using an RSA key,
  right now you have a key

    key ek=dd n=e5306cf4e... proto=sshrsa size=1024 !dk? !p? !q? !kp? !kq? !c2?

  in your own personal factotum. You need to
  s/proto=sshrsa/proto=sshrsa proto=rsa service=ssh/.
  Keeping "proto=sshrsa" means the key will keep working now.
  Adding "proto=rsa service=ssh" means the key will work later.

* If you run TLS servers, your server factotum contains a key like:

    key ek=dd n=e5306cf4e... proto=sshrsa size=1024 !dk? !p? !q? !kp? !kq? !c2?

  You need to s/proto=sshrsa/proto=sshrsa proto=rsa service=tls/.
  Same explanation, except note the different service tag.

  You may be loading the key into factotum with

    auth/secretpem key.pem >/mnt/factotum/ctl

  Instead, use

    auth/pemdecode 'RSA PRIVATE KEY' key.pem | auth/asn12rsa -t 'service=tls' >key.rsa

  and then you can load the key with

    cat key.rsa >/mnt/factotum/ctl

  or add key.rsa to your server's factotum secstore file.

* If you run an SSH server, you generated a host key long ago
  with aux/ssh_genkey. It is stored in /sys/lib/ssh/hostkey.secret.
  You need to convert it into standard factotum RSA format
  and load it into factotum:

    cd /sys/lib/ssh
    awk '{
        printf("key proto=rsa service=sshserve ");
        printf("size=%s ek=%s !dk=%s n=%s !p=%s !q=%s !kp=%s !kq=%s !c2=%s\n",
            $1, $2, $3, $4, $5, $6, $7, $8, $9);
    }' hostkey.secret >hostkey.rsa
    chmod 600 hostkey.rsa

  If you load your server's factotum key ring via secstore,
  add the contents of hostkey.rsa to the factotum file.
  If you don't, then you should add

    cat /sys/lib/ssh/hostkey.rsa >/mnt/factotum/ctl

  to your cpurc to hand the key to factotum.

===

I'll put the changed sources out soon, but will not install
the binaries until tomorrow evening.

The rsa(8) tools are supposed to be more regular and
easier to understand than the ad hoc collection we had before.
I apologize for the fact that they are changing. Hopefully
it's a small short-term inconvenience for a long-term gain.

Russ
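
Added example (not part of the message above and not code from the Plan 9 tools): a Python version of the host-key conversion that checks the nine fields before emitting the factotum line, so a truncated or reordered hostkey.secret is rejected instead of being loaded as a bad key. It assumes every field after size is hexadecimal, as in the n=e5306cf4e... line; the function names and the tiny sample key are constructed for illustration.

```python
# Added example, not from the original message. Mirrors the awk field order:
# $1..$9 -> size ek dk n p q kp kq c2, with private parts marked by "!".
FIELDS = ["size", "ek", "!dk", "n", "!p", "!q", "!kp", "!kq", "!c2"]

# Constructed toy key (p=61, q=53); far too small for real use.
SAMPLE_HOSTKEY = "12 11 ac1 ca1 3d 35 35 31 14"


def check_consistency(key):
    """Reject a key whose public and private parts do not belong together."""
    # Assumption: values are hexadecimal, as in the message's n=e5306cf4e...
    n, p, q = (int(key[k], 16) for k in ("n", "!p", "!q"))
    ek, dk = int(key["ek"], 16), int(key["!dk"], 16)
    if p * q != n:
        raise ValueError("n != p*q: fields reordered or file damaged")
    # Encrypt-then-decrypt a test value to confirm ek and dk are a pair.
    if pow(pow(2, ek, n), dk, n) != 2:
        raise ValueError("ek and dk are not a matching exponent pair")


def convert_hostkey(line, service="sshserve"):
    """Return the factotum key line for one old-format host key line."""
    values = line.split()
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    key = dict(zip(FIELDS, values))
    check_consistency(key)
    attrs = " ".join(f"{name}={key[name]}" for name in FIELDS)
    return f"key proto=rsa service={service} {attrs}"


if __name__ == "__main__":
    print(convert_hostkey(SAMPLE_HOSTKEY))
```

The output line keeps the "!" prefix on dk, p, q, kp, kq and c2, matching the awk script.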