Hi,

I have some Arch Linux systems running on two Raspberry Pis as servers. I've always been able to log in, for a year or so, and for the past week or two this is no longer the case.
I've enabled public key auth explicitly:

PubkeyAcceptedKeyTypes ssh-rsa
PubkeyAuthentication yes

The server is running version 7.9p1.

It looks like one of the following has been introduced:
- a new required flag which I did not enable
- a bug

Does this ring any bells?

Stef
the Netherlands
When I remove the

PubkeyAcceptedKeyTypes ssh-rsa

setting, I'm able to log in. Huh, I've always been able to log in this way. I see a message saying that the semantics have been changed, but maybe more has been changed...

I think - but that is a wild guess - that the client asks whether it can use the new rsa-sha2-256/512 methods, the server cannot support these because they are not listed in the PubkeyAcceptedKeyTypes parameter, and it disconnects.

My client is also the latest OpenSSH client, with no ssh_config.

Stef
On Thu, 2018-11-22 at 04:56 +0100, Stef Bon wrote:
> When I remove the
>
> PubkeyAcceptedKeyTypes ssh-rsa
>
> setting, I'm able to login. Huhh I've been always able to login this
> way. I see a message about the semantics has been changed, but maybe
> more has been changed...
> I think - but that is a wild guess - that the client asks it can use
> the new rsa-sha2-256/512 methods, server cannot support these cause
> these are not listed in the PubkeyAcceptedKeyTypes parameter and
> disconnects.

Yes, you are right. If you specify this option, the server will reject all the other public key algorithms. RSA keys have been using the SHA2 signatures for some time already, and they use a different "signature type", but only a recent update made this enforced (see the release notes for OpenSSH 7.8 [1]).

[1] http://www.openssh.com/txt/release-7.8

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
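
The override discussed in this thread can be spotted in a config file before it locks out RSA users. The following is an added example, not part of the original thread or of OpenSSH; the function name `check_pubkey_algs` is hypothetical. It assumes "Keyword value" syntax (no "=") and no negated (!) patterns.

```shell
#!/bin/sh
# Added example: classify the first global PubkeyAcceptedKeyTypes line
# of an sshd_config file given as $1.
# Prints one of: default | relative | ok | rsa-sha1-only | no-rsa
check_pubkey_algs() {
    # Keywords are case-insensitive and sshd keeps the first value it reads.
    # Stop at the first Match block, which ends the global section.
    list=$(awk '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "pubkeyacceptedkeytypes" { print $2; exit }
    ' "$1")

    case $list in
        "")    echo default;  return ;;  # option not set: built-in list applies
        [+-]*) echo relative; return ;;  # edits the built-in list, not a full override
    esac

    sha1=0 sha2=0
    old_ifs=$IFS; IFS=,
    set -f                               # no filename globbing while splitting
    for pat in $list; do
        # Entries are patterns, so "rsa-sha2-*" has to count as well.
        case ssh-rsa      in $pat) sha1=1 ;; esac
        case rsa-sha2-256 in $pat) sha2=1 ;; esac
        case rsa-sha2-512 in $pat) sha2=1 ;; esac
    done
    set +f; IFS=$old_ifs

    if   [ "$sha2" = 1 ]; then echo ok
    elif [ "$sha1" = 1 ]; then echo rsa-sha1-only  # the setting from the thread
    else echo no-rsa
    fi
}

# Constructed sample input: the override from the thread, then the same
# list with the SHA-2 signature algorithms added.
tmp=$(mktemp)
printf 'PubkeyAuthentication yes\nPubkeyAcceptedKeyTypes ssh-rsa\n' > "$tmp"
check_pubkey_algs "$tmp"
printf 'PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa\n' > "$tmp"
check_pubkey_algs "$tmp"
rm -f "$tmp"
```

A result of `rsa-sha1-only` on a 7.8 or later server is the configuration that produced the login failure described above.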