search for: nistp256

...(sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0xb6b84600 in __GI_abort () at abort.c:79 #2 0x7f715c00 in __subvsi3 (a=<optimized out>, b=<optimized out>) at ../../../gcc-7-20180201/libgcc/libgcc2.c:119 #3 0x7f713494 in strlcpy ( dst=0x7fff2428 "ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at openssh.com,rsa-sha2-256-cert-v01 at ope...

Hello, Maybe I'm asking an already answered question, if yes I'm sorry to bother you. Why in default HostKeyAlgorithms settings is ecdsa-sha2-nistp256-cert-v01 at openssh.com preferred over ssh-ed25519-cert-v01 at openssh.com ? For example in default settings for KexAlgorithms the curve25519-sha256 at libssh.org is preferred over ecdh-sha2-nistp256. Fedor Defaults in openssh-6.6p1 HostKeyAlgorithms ecdsa-sha2-nistp256-cert-v01 at openssh.c...

...]: debug3: privsep user:group > > 106:65534 [preauth] > > Nov 22 14:34:03 myhostname sshd[3905]: debug1: permanently_set_uid: > > 106/65534 [preauth] > > Nov 22 14:34:03 myhostname sshd[3905]: debug1: list_hostkey_types: > > ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256 [preauth] > > Nov 22 14:34:03 myhostname sshd[3905]: debug3: send packet: type 20 [preauth] > > Nov 22 14:34:03 myhostname sshd[3905]: debug1: SSH2_MSG_KEXINIT sent [preauth] > > > > Can you help? > > That ~13-year-old version of dbclient only has weak key exchange met...

Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@...

...t also DSA keys PubkeyAcceptedKeyTypes=+ssh-dss and systemctl restart sshd I kept getting in journal the message: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] I saw that the sshd process had started with the option ... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256, ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384, ecdsa-sha2-nistp384-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521, ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519, ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at openssh.com So I found the unit f...

...Authenticating to {REDACTED}:22 as 'ryantm' debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-ce...

...: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: sntrup761x25519-sha512 at openssh.com,curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00 at openssh.com debug2: host key algorithms: ssh-ed25519-cert-v01 at openssh.com,ecdsa-sha2-nistp256-cert-v...

...ss > > and > systemctl restart sshd > > I kept getting in journal the message: > userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] > > I saw that the sshd process had started with the option > ... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256, > ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384, > ecdsa-sha2-nistp384-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521, > ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519, > ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at openssh.com &g...

Hi, I'm having a problem when I add "HostKeyAlgorithms +ssh-dss" to the ssh_config file the host key will always negotiate to a wrong one. In my case it will negotiate to "ecdsa-sha2-nistp256". The client was already configured with the servers rsa public key, before the change I added to the ssh_config file I could see from the debug that server and client will negotiate to use ssh-rsa as expected. After change unfortunately the client and server will negotiate to use ecdsa-sha2-n...

...nitor started Nov 22 14:34:03 myhostname sshd[3905]: debug3: privsep user:group 106:65534 [preauth] Nov 22 14:34:03 myhostname sshd[3905]: debug1: permanently_set_uid: 106/65534 [preauth] Nov 22 14:34:03 myhostname sshd[3905]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256 [preauth] Nov 22 14:34:03 myhostname sshd[3905]: debug3: send packet: type 20 [preauth] Nov 22 14:34:03 myhostname sshd[3905]: debug1: SSH2_MSG_KEXINIT sent [preauth] Can you help? Thanks

...st as 'user1' debug3: hostkeys_foreach: reading file "/Users/user1/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /Users/user1/.ssh/known_hosts:3 debug3: load_hostkeys: loaded 1 keys from remote_host debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh...

...ug3: hostkeys_foreach: reading file "/Users/user1/.ssh/known_hosts" > debug3: record_hostkey: found key type ECDSA in file > /Users/user1/.ssh/known_hosts:3 > debug3: load_hostkeys: loaded 1 keys from remote_host > debug3: order_hostkeyalgs: prefer hostkeyalgs: > ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2- > nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com > ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > curv...

...as I can tell, neither the server nor client are overriding default algorithms in their respective configurations) I added some printf debugging to the client to show the values being compared: debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp256-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp256 debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp256-cert-v01 at openssh.com due to not matching key->type debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp384-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ecdsa-sha2-ni...

When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the following output: ssh-ed25519 ssh-ed25519-cert-v01 at openssh.com ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa-cert-v01 at openssh.com ssh-dss-cert-v01 at openssh.com ecdsa-sha2-nistp256-cert-v01 at openssh.com ecdsa-sha2-nistp384-cert-v01 at openssh.com ecdsa-sha2-nistp521-cert-v01 at openssh.com The thing is, one can invoke both client and server with -o H...

On Sun, 4 Oct 2020, Matthieu Herrb wrote: > Hi, > > on OpenBSD-current I now get this when connecting to an existing > machine for which I have both ecdsa an ed25519 keys in my existing > known_hosts (but apparently ed25519 keys where added only for the name > previsously by ssh): > > Warning: the ED25519 host key for 'freedom' differs from the key for > the

...at openssh.com,hmac-sha1-etm at openssh.com,umac-128-etm at openssh.com,hmac- sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha1,umac-128 at openssh.com,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms= curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellma n-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 -oHostKeyAlgor ithms=rsa-sha2-256,rsa-sha2-256-cert-v01 at openssh.com...

...s Here are all the lines from my known_hosts.old that contains the public keys for this host. (the name is 'freedom' or freedom.herrb.net and IP adresses are 192.168.31.41 and 2a03:7220:8081:6101:6552:9ca8:512b:9251) |1|LDNls9zwwKUtszPxTWOn1hEP+30=|2C9Jva6DwfnWqEHHjylVV9gAfSs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF2yT8wIR716QLjlhgLO3XGvFB7QHxguK2UXaFoVFEgQwRHpi5aLRjT3eENZNYHDUj/Nr4wFWDrOW1whtU+CxkM= |1|zjuSnQb3afgDzZBCywXwNiZHYuY=|fUpd/QMtdR1dwYwfDUMM1xKIhqA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF2yT8wIR716QLjlhgLO3XGvF...

...m,ssh-ed25519,ss h-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@ openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecd sa-sha2-nistp384,ecdsa-sha2-nistp521 debug2: kex_parse_kexinit: aes128-ctr debug2: kex_parse_kexinit: aes128-ctr debug2: kex_parse_kexinit: hmac-sha1 debug2: kex...

https://bugzilla.mindrot.org/show_bug.cgi?id=2729 Bug ID: 2729 Summary: Can connect with MAC hmac-sha1 even though it's not configured on the server Product: Portable OpenSSH Version: 7.5p1 Hardware: All OS: Linux Status: NEW Severity: security Priority: P5

...stkeys_foreach: reading file "/home/mrkiko/.ssh/known_hosts" debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01 at...