Displaying 9 results from an estimated 9 matches for "pubkeyacceptedalgorithms".
2024 Sep 09
1
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...using the most up to date version of openssh on OL8 that I can patch to
(OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of
ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've
tried adding
HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com
PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com
or
HostkeyAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa
to my .ssh/config and still receive an error message of:
agent key RSA-CERT SHA256:..... returned incorrect signature type
sign_...
2024 Sep 09
2
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...sion of openssh on OL8 that I can patch to
> (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of
> ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've
> tried adding
>
> HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com
> PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com
> or
> HostkeyAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa
> PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa
>
> to my .ssh/config and still receive an error message of:
>
> agent key RSA-CERT SHA256:..... retu...
2024 Sep 09
1
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...patch
> to
> > (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of
> > ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've
> > tried adding
> >
> > HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com
> > PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com
> > or
> > HostkeyAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa
> > PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa
> >
> > to my .ssh/config and still receive an error message of:
> >
> > age...
2024 Jul 14
1
Configuration for root logins
...rg_ed25519
IgnoreRhosts yes
IgnoreUserKnownHosts yes
KerberosAuthentication no
ListenAddress = 192.168.0.1
ListenAddress = fd46:1ffa:d8e0::1
LogLevel VERBOSE
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin yes
PermitTTY yes
PermitTunnel no
PermitUserRC yes
PubkeyAuthentication yes
PubkeyAcceptedAlgorithms ssh-ed25519
UseDNS = no
X11Forwarding no
For now, the client machine is on a static IP address, just for testing
using my in-house network. But later the client machines will be on
dynamic IP addresses, which is why I have
'HostbasedUsesNameFromPacketOnly yes'. With this setup I can log...
2021 Jan 18
4
[Bug 3253] New: ssh-keygen man page still lists deprecated key types for -t
https://bugzilla.mindrot.org/show_bug.cgi?id=3253
Bug ID: 3253
Summary: ssh-keygen man page still lists deprecated key types
for -t
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh-keygen
2024 Sep 09
1
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...gt; (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of
>> > ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've
>> > tried adding
>> >
>> > HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com
>> > PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com
>> > or
>> > HostkeyAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa
>> > PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa
>> >
>> > to my .ssh/config and still receive an error message of:
>...
2023 Jun 22
2
[Bug 3583] New: server-sig-algs reports incorrect list of algorithms
...nee: unassigned-bugs at mindrot.org
Reporter: aivars at gmail.com
OpenSSH server (OpenSSH_8.7p1, OpenSSL 3.0.8 7 Feb 2023) in Amazon
Linux (6.1.29-50.88.amzn2023.aarch64) reports more PK algorithms than
are actually allowed.
Modified server configuration (just one PK algorithm allowed):
PubkeyAcceptedAlgorithms rsa-sha2-256
Obtaining debug info:
ssh -vvv -i mykey.pem -o PubkeyAcceptedKeyTypes=rsa-sha2-512
ec2-user@<...IP...>
Debug output:
debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,sk-ssh-ed25519 at openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha...
2023 Dec 18
1
Announce: OpenSSH 9.6 released
...enSSH private key format was supported.
* ssh(1), sshd(8): introduce a protocol extension to allow
renegotiation of acceptable signature algorithms for public key
authentication after the server has learned the username being
used for authentication. This allows varying sshd_config(5)
PubkeyAcceptedAlgorithms in a "Match user" block.
* ssh-add(1), ssh-agent(1): add an agent protocol extension to allow
specifying certificates when loading PKCS#11 keys. This allows the
use of certificates backed by PKCS#11 private keys in all OpenSSH
tools that support ssh-agent(1). Previously only ss...
2023 Dec 18
0
Announce: OpenSSH 9.6 released
...enSSH private key format was supported.
* ssh(1), sshd(8): introduce a protocol extension to allow
renegotiation of acceptable signature algorithms for public key
authentication after the server has learned the username being
used for authentication. This allows varying sshd_config(5)
PubkeyAcceptedAlgorithms in a "Match user" block.
* ssh-add(1), ssh-agent(1): add an agent protocol extension to allow
specifying certificates when loading PKCS#11 keys. This allows the
use of certificates backed by PKCS#11 private keys in all OpenSSH
tools that support ssh-agent(1). Previously only ss...