search for: pubkeyacceptedalgorithms

Displaying 15 results from an estimated 15 matches for "pubkeyacceptedalgorithms".

2024 Sep 09
1
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...using the most up to date version of openssh on OL8 that I can patch to (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've tried adding HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com or HostkeyAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa to my .ssh/config and still receive an error message of: agent key RSA-CERT SHA256:..... returned incorrect signature type sign_...
2024 Sep 09
2
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...sion of openssh on OL8 that I can patch to > (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of > ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've > tried adding > > HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com > PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com > or > HostkeyAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa > PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa > > to my .ssh/config and still receive an error message of: > > agent key RSA-CERT SHA256:..... retu...
2024 Sep 09
1
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...patch > to > > (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of > > ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've > > tried adding > > > > HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com > > PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com > > or > > HostkeyAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa > > PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa > > > > to my .ssh/config and still receive an error message of: > > > > age...
2025 Jan 20
3
[Bug 3779] New: SHA1 deprecation
https://bugzilla.mindrot.org/show_bug.cgi?id=3779 Bug ID: 3779 Summary: SHA1 deprecation Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: trivial Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter:
2024 Jul 14
1
Configuration for root logins
...rg_ed25519 IgnoreRhosts yes IgnoreUserKnownHosts yes KerberosAuthentication no ListenAddress = 192.168.0.1 ListenAddress = fd46:1ffa:d8e0::1 LogLevel VERBOSE PasswordAuthentication no PermitEmptyPasswords no PermitRootLogin yes PermitTTY yes PermitTunnel no PermitUserRC yes PubkeyAuthentication yes PubkeyAcceptedAlgorithms ssh-ed25519 UseDNS = no X11Forwarding no For now, the client machine is on a static IP address, just for testing using my in-house network. But later the client machines will be on dynamic IP addresses, which is why I have 'HostbasedUsesNameFromPacketOnly yes'. With this setup I can log...
2021 Jan 18
4
[Bug 3253] New: ssh-keygen man page still lists deprecated key types for -t
https://bugzilla.mindrot.org/show_bug.cgi?id=3253 Bug ID: 3253 Summary: ssh-keygen man page still lists deprecated key types for -t Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh-keygen
2024 Sep 09
1
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...> (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of >> > ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've >> > tried adding >> > >> > HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com >> > PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com >> > or >> > HostkeyAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa >> > PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa >> > >> > to my .ssh/config and still receive an error message of: >...
2025 Feb 09
2
[Bug 3786] New: openssh client no longer connects to dropbear server
...he client does not connect to dropbear running on OpenWRT. With client 9.8 I am able to connect. $ ./ssh root@192.168.0.1 ssh_dispatch_run_fatal: Connection to 192.168.0.1 port 22: error in libcrypto $ Doing -vvv does not print anything else meaningful. My client config: Host 192.168.0.1 PubkeyAcceptedAlgorithms +ssh-rsa HostkeyAlgorithms +ssh-rsa The dropbear server arguments: /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300 -T 3 SSH_ERR_LIBCRYPTO_ERROR is returned from sshkey_pkey_digest_verify in sshkey.c -- You are receiving this mail because: You are watching the assignee of the...
2023 Jun 22
2
[Bug 3583] New: server-sig-algs reports incorrect list of algorithms
...nee: unassigned-bugs at mindrot.org Reporter: aivars at gmail.com OpenSSH server (OpenSSH_8.7p1, OpenSSL 3.0.8 7 Feb 2023) in Amazon Linux (6.1.29-50.88.amzn2023.aarch64) reports more PK algorithms than are actually allowed. Modified server configuration (just one PK algorithm allowed): PubkeyAcceptedAlgorithms rsa-sha2-256 Obtaining debug info: ssh -vvv -i mykey.pem -o PubkeyAcceptedKeyTypes=rsa-sha2-512 ec2-user@<...IP...> Debug output: debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha...
2019 Jan 23
2
[Bug 2959] New: Disabling just rsa-sha2-512 breaks public key authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2959 Bug ID: 2959 Summary: Disabling just rsa-sha2-512 breaks public key authentication Product: Portable OpenSSH Version: 7.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:
2024 Dec 04
1
Better reporting for signature algorithm mismatch?
...AcBoSERWyhAXEo agent debug1: send_pubkey_test: no mutual signature algorithm <<<< *THIS* ... debug1: Authentications that can continue: publickey,keyboard-interactive debug1: No more authentication methods to try. foo@bar: Permission denied (publickey,keyboard-interactive). % ssh -o PubkeyAcceptedAlgorithms=+ssh-rsa foo@bar << success >> I wonder if there could be some way to highlight the "no mutual signature algorithm" message more prominently in normal operation? IMO it's not a problem with a specific key, but a protocol configuration issue which would affect...
2025 May 19
4
[Bug 3824] New: ssh -Q should also accept a remote hostname to query
https://bugzilla.mindrot.org/show_bug.cgi?id=3824 Bug ID: 3824 Summary: ssh -Q should also accept a remote hostname to query Product: Portable OpenSSH Version: 10.0p2 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee:
2023 Dec 18
1
Announce: OpenSSH 9.6 released
...enSSH private key format was supported. * ssh(1), sshd(8): introduce a protocol extension to allow renegotiation of acceptable signature algorithms for public key authentication after the server has learned the username being used for authentication. This allows varying sshd_config(5) PubkeyAcceptedAlgorithms in a "Match user" block. * ssh-add(1), ssh-agent(1): add an agent protocol extension to allow specifying certificates when loading PKCS#11 keys. This allows the use of certificates backed by PKCS#11 private keys in all OpenSSH tools that support ssh-agent(1). Previously only ss...
2023 Dec 18
0
Announce: OpenSSH 9.6 released
...enSSH private key format was supported. * ssh(1), sshd(8): introduce a protocol extension to allow renegotiation of acceptable signature algorithms for public key authentication after the server has learned the username being used for authentication. This allows varying sshd_config(5) PubkeyAcceptedAlgorithms in a "Match user" block. * ssh-add(1), ssh-agent(1): add an agent protocol extension to allow specifying certificates when loading PKCS#11 keys. This allows the use of certificates backed by PKCS#11 private keys in all OpenSSH tools that support ssh-agent(1). Previously only ss...
2021 Jul 25
8
[Bug 3331] New: Issues with man pages
https://bugzilla.mindrot.org/show_bug.cgi?id=3331 Bug ID: 3331 Summary: Issues with man pages Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: All Status: NEW Severity: minor Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org