Displaying 15 results from an estimated 15 matches for "pubkeyacceptedalgorithms".
2024 Sep 09
1
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...using the most up to date version of openssh on OL8 that I can patch to
(OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of
ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've
tried adding
HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com
PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com
or
HostkeyAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa
to my .ssh/config and still receive an error message of:
agent key RSA-CERT SHA256:..... returned incorrect signature type
sign_...
2024 Sep 09
2
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...sion of openssh on OL8 that I can patch to
> (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of
> ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've
> tried adding
>
> HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com
> PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com
> or
> HostkeyAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa
> PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa
>
> to my .ssh/config and still receive an error message of:
>
> agent key RSA-CERT SHA256:..... retu...
2024 Sep 09
1
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...patch
> to
> > (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of
> > ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've
> > tried adding
> >
> > HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com
> > PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com
> > or
> > HostkeyAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa
> > PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa
> >
> > to my .ssh/config and still receive an error message of:
> >
> > age...
2025 Jan 20
3
[Bug 3779] New: SHA1 deprecation
https://bugzilla.mindrot.org/show_bug.cgi?id=3779
Bug ID: 3779
Summary: SHA1 deprecation
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: trivial
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter:
2024 Jul 14
1
Configuration for root logins
...rg_ed25519
IgnoreRhosts yes
IgnoreUserKnownHosts yes
KerberosAuthentication no
ListenAddress = 192.168.0.1
ListenAddress = fd46:1ffa:d8e0::1
LogLevel VERBOSE
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin yes
PermitTTY yes
PermitTunnel no
PermitUserRC yes
PubkeyAuthentication yes
PubkeyAcceptedAlgorithms ssh-ed25519
UseDNS = no
X11Forwarding no
For now, the client machine is on a static IP address, just for testing
using my in-house network. But later the client machines will be on
dynamic IP addresses, which is why I have
'HostbasedUsesNameFromPacketOnly yes'. With this setup I can log...
2021 Jan 18
4
[Bug 3253] New: ssh-keygen man page still lists deprecated key types for -t
https://bugzilla.mindrot.org/show_bug.cgi?id=3253
Bug ID: 3253
Summary: ssh-keygen man page still lists deprecated key types
for -t
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh-keygen
2024 Sep 09
1
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
...> (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of
>> > ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've
>> > tried adding
>> >
>> > HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com
>> > PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@openssh.com
>> > or
>> > HostkeyAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa
>> > PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@openssh.com,ssh-rsa
>> >
>> > to my .ssh/config and still receive an error message of:
>...
2025 Feb 09
2
[Bug 3786] New: openssh client no longer connects to dropbear server
...he client does not connect to dropbear running on
OpenWRT.
With client 9.8 I am able to connect.
$ ./ssh root@192.168.0.1
ssh_dispatch_run_fatal: Connection to 192.168.0.1 port 22: error in
libcrypto
$
Doing -vvv does not print anything else meaningful.
My client config:
Host 192.168.0.1
PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa
The dropbear server arguments:
/usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300 -T 3
SSH_ERR_LIBCRYPTO_ERROR is returned from sshkey_pkey_digest_verify in
sshkey.c
--
You are receiving this mail because:
You are watching the assignee of the...
2023 Jun 22
2
[Bug 3583] New: server-sig-algs reports incorrect list of algorithms
...nee: unassigned-bugs at mindrot.org
Reporter: aivars at gmail.com
OpenSSH server (OpenSSH_8.7p1, OpenSSL 3.0.8 7 Feb 2023) in Amazon
Linux (6.1.29-50.88.amzn2023.aarch64) reports more PK algorithms than
are actually allowed.
Modified server configuration (just one PK algorithm allowed):
PubkeyAcceptedAlgorithms rsa-sha2-256
Obtaining debug info:
ssh -vvv -i mykey.pem -o PubkeyAcceptedKeyTypes=rsa-sha2-512
ec2-user@<...IP...>
Debug output:
debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha...
2019 Jan 23
2
[Bug 2959] New: Disabling just rsa-sha2-512 breaks public key authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2959
Bug ID: 2959
Summary: Disabling just rsa-sha2-512 breaks public key
authentication
Product: Portable OpenSSH
Version: 7.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2024 Dec 04
1
Better reporting for signature algorithm mismatch?
...AcBoSERWyhAXEo agent
debug1: send_pubkey_test: no mutual signature algorithm <<<< *THIS*
...
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
foo@bar: Permission denied (publickey,keyboard-interactive).
% ssh -o PubkeyAcceptedAlgorithms=+ssh-rsa foo@bar
<< success >>
I wonder if there could be some way to highlight the "no mutual
signature algorithm" message more prominently in normal operation? IMO
it's not a problem with a specific key, but a protocol configuration
issue which would affect...
2025 May 19
4
[Bug 3824] New: ssh -Q should also accept a remote hostname to query
https://bugzilla.mindrot.org/show_bug.cgi?id=3824
Bug ID: 3824
Summary: ssh -Q should also accept a remote hostname to query
Product: Portable OpenSSH
Version: 10.0p2
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee:
2023 Dec 18
1
Announce: OpenSSH 9.6 released
...enSSH private key format was supported.
* ssh(1), sshd(8): introduce a protocol extension to allow
renegotiation of acceptable signature algorithms for public key
authentication after the server has learned the username being
used for authentication. This allows varying sshd_config(5)
PubkeyAcceptedAlgorithms in a "Match user" block.
* ssh-add(1), ssh-agent(1): add an agent protocol extension to allow
specifying certificates when loading PKCS#11 keys. This allows the
use of certificates backed by PKCS#11 private keys in all OpenSSH
tools that support ssh-agent(1). Previously only ss...
2023 Dec 18
0
Announce: OpenSSH 9.6 released
...enSSH private key format was supported.
* ssh(1), sshd(8): introduce a protocol extension to allow
renegotiation of acceptable signature algorithms for public key
authentication after the server has learned the username being
used for authentication. This allows varying sshd_config(5)
PubkeyAcceptedAlgorithms in a "Match user" block.
* ssh-add(1), ssh-agent(1): add an agent protocol extension to allow
specifying certificates when loading PKCS#11 keys. This allows the
use of certificates backed by PKCS#11 private keys in all OpenSSH
tools that support ssh-agent(1). Previously only ss...
2021 Jul 25
8
[Bug 3331] New: Issues with man pages
https://bugzilla.mindrot.org/show_bug.cgi?id=3331
Bug ID: 3331
Summary: Issues with man pages
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org