search for: nistp384

...start sshd I kept getting in journal the message: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] I saw that the sshd process had started with the option ... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256, ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384, ecdsa-sha2-nistp384-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521, ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519, ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at openssh.com So I found the unit file for sshd that refers to /etc/crypto-policies/back-ends/openss...

...128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com HostbasedAcceptedKeyTypes ssh-ed25519,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-dss,e...

...v/linux/raise.c:51 #1 0xb6b84600 in __GI_abort () at abort.c:79 #2 0x7f715c00 in __subvsi3 (a=<optimized out>, b=<optimized out>) at ../../../gcc-7-20180201/libgcc/libgcc2.c:119 #3 0x7f713494 in strlcpy ( dst=0x7fff2428 "ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at openssh.com,rsa-sha2-256-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ecd...

...g in journal the message: > userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] > > I saw that the sshd process had started with the option > ... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256, > ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384, > ecdsa-sha2-nistp384-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521, > ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519, > ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at openssh.com > > So I found the unit file for sshd that refers > to /etc/cr...

When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the following output: ssh-ed25519 ssh-ed25519-cert-v01 at openssh.com ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa-cert-v01 at openssh.com ssh-dss-cert-v01 at openssh.com ecdsa-sha2-nistp256-cert-v01 at openssh.com ecdsa-sha2-nistp384-cert-v01 at openssh.com ecdsa-sha2-nistp521-cert-v01 at openssh.com The thing is, one can invoke both client and server with -o HostKeyAlgorithms=rsa...

...c-sha1-etm at openssh.com,umac-128-etm at openssh.com,hmac- sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha1,umac-128 at openssh.com,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms= curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellma n-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 -oHostKeyAlgor ithms=rsa-sha2-256,rsa-sha2-256-cert-v01 at openssh.com,ecdsa-sha2-nistp25...

...INIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@ openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecd sa-sha2-nistp384,ecdsa-sha2-nistp521 debug2: kex_parse_kexinit: aes128-ctr debug2: kex_parse_kexinit: aes128-ctr debug2: kex_parse_kexinit: hmac-sha1 debug2: kex_parse_kexinit: hmac-sha1 debug2: kex_parse...

...ch: reading file "/Users/user1/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /Users/user1/.ssh/known_hosts:3 debug3: load_hostkeys: loaded 1 keys from remote_host debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-...

The defaults for HostKeyAlgorithms option are: ecdsa-sha2-nistp256-cert-v01 at openssh.com, ecdsa-sha2-nistp384-cert-v01 at openssh.com, ecdsa-sha2-nistp521-cert-v01 at openssh.com, ssh-ed25519-cert-v01 at openssh.com, ssh-rsa-cert-v01 at openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa Why does OpenSSH prefer older and less secure (https://safecurves.cr.yp.to/)...

Hi, I have compatibility issues with the latest version of openssh-server and an old dropbear client, the dopbear client stops at preauth ov 22 14:34:03 myhostname sshd[3905]: debug1: Client protocol version 2.0; client software version dropbear_0.46 Nov 22 14:34:03 myhostname sshd[3905]: debug1: no match: dropbear_0.46 Nov 22 14:34:03 myhostname sshd[3905]: debug1: Local version string

...ser1/.ssh/known_hosts" > debug3: record_hostkey: found key type ECDSA in file > /Users/user1/.ssh/known_hosts:3 > debug3: load_hostkeys: loaded 1 keys from remote_host > debug3: order_hostkeyalgs: prefer hostkeyalgs: > ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2- > nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com > ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecd...

...HA256:xxx /path/to/key debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp256-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp256 debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp256-cert-v01 at openssh.com due to not matching key->type debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp384-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp384 debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp384-cert-v01 at openssh.com due to not matching key->type debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp521-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ecdsa-sha2-ni...

...on Mon, 2020/03/02 14:07: > > When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the > > following output: > > > > ssh-ed25519 > > ssh-ed25519-cert-v01 at openssh.com > > ssh-rsa > > ssh-dss > > ecdsa-sha2-nistp256 > > ecdsa-sha2-nistp384 > > ecdsa-sha2-nistp521 > > ssh-rsa-cert-v01 at openssh.com > > ssh-dss-cert-v01 at openssh.com > > ecdsa-sha2-nistp256-cert-v01 at openssh.com > > ecdsa-sha2-nistp384-cert-v01 at openssh.com > > ecdsa-sha2-nistp521-cert-v01 at openssh.com > > > > The...

Hi there, has anybody managed to get the eToken Pro Anywhere work with SSH? I'm using the latest SafeNetAuthentication drivers available for Ubuntu 64bit (8.3) and everything is working just fine except for ssh. I can use the eToken for logging in, openvpn, rdestkop, etc. but it seems ssh does not recognize the device properly. The command "ssh -I /usr/lib/libeToken.so.8 user at

...h-alias debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange -sha1,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp3...

Hi! I'm having a difficult time getting X11 forwarding to work. Since I've read the docs completely about this, this must be an SSH bug which is likely because I'm using Gentoo as the SSH server. When trying to forward X11 connections, I get X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server XXXXXXXXX:10.0 Using command ssh -Y -p 1111 -4

On 30/06/2023 09:56, Damien Miller wrote: > It's very hard to figure out what is happening here without a debug log. > > You can get one by stopping the listening sshd and running it manually > in debug mode, e.g. "/usr/sbin/sshd -ddd" Or starting one in debug mode on a different port, e.g. "-p99 -ddd"

...ssh.com preferred over ssh-ed25519-cert-v01 at openssh.com ? For example in default settings for KexAlgorithms the curve25519-sha256 at libssh.org is preferred over ecdh-sha2-nistp256. Fedor Defaults in openssh-6.6p1 HostKeyAlgorithms ecdsa-sha2-nistp256-cert-v01 at openssh.com, ecdsa-sha2-nistp384-cert-v01 at openssh.com, ecdsa-sha2-nistp521-cert-v01 at openssh.com, ssh-ed25519-cert-v01 at openssh.com, ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com, ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-n...

On Mon, 28 May 2018, Yegor Ievlev wrote: > Can we prefer RSA to ECDSA? For example: > HostKeyAlgorithms > ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 not without a good reason

https://bugzilla.mindrot.org/show_bug.cgi?id=2729 Bug ID: 2729 Summary: Can connect with MAC hmac-sha1 even though it's not configured on the server Product: Portable OpenSSH Version: 7.5p1 Hardware: All OS: Linux Status: NEW Severity: security Priority: P5