Displaying 20 results from an estimated 35 matches for "pubkeyacceptedkeytyp".
Did you mean:
pubkeyacceptedkeytypes
2016 May 11
2
ssh 6.6.1, PubkeyAcceptedKeyTypes
So I add the line
PubkeyAcceptedKeyTypes +ssh-dss
to my opensshd_config file. When I restart sshd, I am told that
May 11 09:33:14 pickles systemd: Started OpenSSH Server Key Generation.
May 11 09:33:14 pickles systemd: Started OpenSSH server daemon.
May 11 09:33:14 pickles systemd: Starting OpenSSH server daemon...
May 11 09:33:14 pic...
2020 Sep 26
18
[Bug 3213] New: openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes
https://bugzilla.mindrot.org/show_bug.cgi?id=3213
Bug ID: 3213
Summary: openssh 8.3p1 will not use any type of RSA key for
legacy servers if ssh-rsa is not in
PubkeyAcceptedKeyTypes
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: gordon.m...
2018 Nov 22
2
Try to login: permission denied
Hi,
I've some arch linux systems running on two rasp pi's as server.
I've been able to loging always, since a year or so, and since a week
or two this is not the case anymore.
I've enabled public key auth explicit:
PubkeyAcceptedKeyTypes ssh-rsa
PubkeyAuthentication yes
The server is running version 7.9p1
It looks like there has been introduced:
- a new required flag which I did not enable
- a bug
Does thius ring any bells?
Stef
the Netherlands
2019 Oct 17
2
DSA key not accepted on CentOS even after enabling
...igrating (installing as new) the server where they connect to CentOS 8
+ updates.
I was not able to connect with the keys to this new server even after
having added, as found in several internet pages, this directive at the end
of /etc/ssh/sshd_config of the CentOS 8 server:
# Accept also DSA keys
PubkeyAcceptedKeyTypes=+ssh-dss
and
systemctl restart sshd
I kept getting in journal the message:
userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
I saw that the sshd process had started with the option
... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256,
ecdsa-sha2-nistp256-cert-v...
2021 Jan 18
4
[Bug 3253] New: ssh-keygen man page still lists deprecated key types for -t
...hese ("dsa" generating an "ssh-dss" key) is
already disabled, the last of these (rsa) seems scheduled to be
disabled, and many newer key types are missing.
In comparison, the default list of acceptable keytypes for publickey
authentication is given in sshd_config.5 under option
PubkeyAcceptedKeyTypes as
ssh-ed25519-cert-v01 at openssh.com,
ecdsa-sha2-nistp256-cert-v01 at openssh.com,
ecdsa-sha2-nistp384-cert-v01 at openssh.com,
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
sk-ssh-ed25519-cert-v01 at openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,
rsa-sha2-512-cert-v01 at openssh....
2019 Oct 17
0
DSA key not accepted on CentOS even after enabling
PubkeyAcceptedKeyTypes=+ssh-dss
You also need that ^^ in their client if they are running on el8 machine
as well .. i needed to put it in my ~/.ssh/config when connecting FROM
an el8 machine to somewhere else.
On 10/17/19 9:27 AM, Gianluca Cecchi wrote:
> Hello,
> I have some users that connect to a server with...
2017 Jul 21
15
[Bug 2746] New: RFE: Allow to disable SHA1 signatures for RSA
https://bugzilla.mindrot.org/show_bug.cgi?id=2746
Bug ID: 2746
Summary: RFE: Allow to disable SHA1 signatures for RSA
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2019 Jun 09
2
OpenSSH forcing the signature to SHA1.
....
When the code tries to verify the signature of the public key of the server
using this algorithm, it is throwing an exception
ObjectIdentifier mismatch: 1.3.14.3.2.26. (which is the OID of SHA1). So my
understanding is the server is forcing the signature to be SHA1.
I did try to use the parameter
PubkeyAcceptedKeyTypes ssh-ed25519*,ecdsa-sha2*,rsa-sha2-*,ssh-rsa
But that does not help.
Also with the same SHA256withRSA algorithm when the code sign the data and
send it to server, it results in signature unverified error.
debug3: mm_answer_keyverify: publickey 0x56471045da10 signature unverified
Things work fin...
2020 Feb 06
3
Call for testing: OpenSSH 8.2
On 2020-02-06 at 13:28 +1100, Darren Tucker wrote:
> Like this.
> --- a/sshd_config.5
> +++ b/sshd_config.5
The ssh_config.5 also has a copy of this and presumably needs the same
change, unless I've misunderstood.
-Phil
2020 Feb 23
4
Question about ssh-rsa deprecation notice (was: Announce: OpenSSH 8.2 released)
I am trying to understand the details of the deprecation notice.
Because I am getting people asking me questions. And I don't know the
answer. Therefore I am pushing the boulder uphill and asking here. :-)
Damien Miller wrote:
> Future deprecation notice
> =========================
>
> It is now possible[1] to perform chosen-prefix attacks against the
> SHA-1 algorithm for
2015 Aug 11
0
Announce: OpenSSH 7.0 released
...sword/prohibit-password now bans all
interactive authentication methods, allowing only public-key,
hostbased and GSSAPI authentication (previously it permitted
keyboard-interactive and password-less authentication if those
were enabled).
New Features
------------
* ssh_config(5): add PubkeyAcceptedKeyTypes option to control which
public key types are available for user authentication.
* sshd_config(5): add HostKeyAlgorithms option to control which
public key types are offered for host authentications.
* ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms,
HostKeyAlgorithms, PubkeyAcce...
2020 Jun 01
5
"ssh -Q key" does not list rsa-sha2 algorithms
...ignature algorithms,
> you want "-Q sig". This is documented in the man page.
In addition, from version 8.2 ssh -Q will also accept ssh_config
keywords and emit the formats or algorithms accepted by that keyword,
eg.
$ ssh -V
OpenSSH_8.2p1, OpenSSL 1.1.1g FIPS 21 Apr 2020
$ ssh -Q PubkeyAcceptedKeyTypes
[...]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
[...]
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
2017 Apr 04
3
Allow SHA1 deprecation for rsa-sha
Hi,
Following the fix [1] being released on 7.5, now SHA2 RSA signature
methods work properly.
On the other hand it is still not possible to disable SHA1 RSA alone
(as an example, as SHA2-256 or SHA2-512 could also potentially be not
desirable), where it is considered insecure or undesirable.
I am proposing to add a mechanism, and happy to submit a patch, to
enable selection of the Hashes
2015 Aug 11
2
Announce: OpenSSH 7.0 released
...sword/prohibit-password now bans all
interactive authentication methods, allowing only public-key,
hostbased and GSSAPI authentication (previously it permitted
keyboard-interactive and password-less authentication if those
were enabled).
New Features
------------
* ssh_config(5): add PubkeyAcceptedKeyTypes option to control which
public key types are available for user authentication.
* sshd_config(5): add HostKeyAlgorithms option to control which
public key types are offered for host authentications.
* ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms,
HostKeyAlgorithms, PubkeyAcce...
2020 Mar 02
4
Question about host key algorithms
$ ssh -Q HostKeyAlgorithms
Unsupported query "HostKeyAlgorithms"
$ ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2u 20 Dec 2019
On Mon, Mar 2, 2020 at 2:24 PM Christian Hesse <list at eworm.de> wrote:
> Luveh Keraph <1.41421 at gmail.com> on Mon, 2020/03/02 14:07:
> > When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the
> > following output:
> >
2016 Feb 29
0
Announce: OpenSSH 7.2 released
...nse and would cause ssh to print an uninitialised stack
variable. bz#2500
* ssh(1): fix errors when attempting to connect to scoped IPv6
addresses with hostname canonicalisation enabled.
* sshd_config(5): list a couple more options usable in Match blocks.
bz#2489
* sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match block.
* ssh(1): expand tilde characters in filenames passed to -i options
before checking whether or not the identity file exists. Avoids
confusion for cases where shell doesn't expand (e.g. "-i ~/file"
vs. "-i~/file"). bz#2481
*...
2018 Nov 23
2
Debian Stretch 9.6: openssh-server and old dropbear client don't work togheter
...,umac-128 at openssh.com,hmac-sha1-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-md5-etm at openssh.com,hmac-md5-96-etm at openssh.com,hmac-ripemd160-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com
PubkeyAcceptedKeyTypes
ssh-ed25519,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-c...
2016 May 11
23
[Bug 2568] New: ssh fails to authenticate using RSA keys when agent does not support sha256/512 signatures
https://bugzilla.mindrot.org/show_bug.cgi?id=2568
Bug ID: 2568
Summary: ssh fails to authenticate using RSA keys when agent
does not support sha256/512 signatures
Product: Portable OpenSSH
Version: -current
Hardware: Other
URL: https://github.com/connectbot/connectbot/issues/397
OS: Linux
2023 Jun 22
2
[Bug 3583] New: server-sig-algs reports incorrect list of algorithms
...erver (OpenSSH_8.7p1, OpenSSL 3.0.8 7 Feb 2023) in Amazon
Linux (6.1.29-50.88.amzn2023.aarch64) reports more PK algorithms than
are actually allowed.
Modified server configuration (just one PK algorithm allowed):
PubkeyAcceptedAlgorithms rsa-sha2-256
Obtaining debug info:
ssh -vvv -i mykey.pem -o PubkeyAcceptedKeyTypes=rsa-sha2-512
ec2-user@<...IP...>
Debug output:
debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,sk-ssh-ed25519 at openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256 at openssh.com,webauthn-sk-e...
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
...SA host key for {REDACTED} has changed and you have requested
strict checking.
Host key verification failed.
The relevant part of my .ssh/config file is
Host *
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
The relevant part of my /etc/ssh/ssh_config is:
Host *
AddressFamily inet
PubkeyAcceptedKeyTypes +ssh-dss
HostKeyAlgorithms +ssh-dss
- Ryan
On Tue, Sep 15, 2020 at 11:25 PM Damien Miller <djm at mindrot.org> wrote:
>
> On Tue, 15 Sep 2020, Ryan Mulligan wrote:
>
> > Hello.
> >
> > I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows
> &...