Displaying 20 results from an estimated 35 matches for "pubkeyacceptedkeytypes".

2016 May 11
2
ssh 6.6.1, PubkeyAcceptedKeyTypes
So I add the line PubkeyAcceptedKeyTypes +ssh-dss to my opensshd_config file. When I restart sshd, I am told that May 11 09:33:14 pickles systemd: Started OpenSSH Server Key Generation. May 11 09:33:14 pickles systemd: Started OpenSSH server daemon. May 11 09:33:14 pickles systemd: Starting OpenSSH server daemon... May 11 09:33:14 pickl...
2020 Sep 26
18
[Bug 3213] New: openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes
https://bugzilla.mindrot.org/show_bug.cgi?id=3213 Bug ID: 3213 Summary: openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: gordon.mes...
2018 Nov 22
2
Try to login: permission denied
Hi, I've some arch linux systems running on two rasp pi's as server. I've been able to log in always, since a year or so, and since a week or two this is not the case anymore. I've enabled public key auth explicitly: PubkeyAcceptedKeyTypes ssh-rsa PubkeyAuthentication yes The server is running version 7.9p1 It looks like there has been introduced: - a new required flag which I did not enable - a bug Does this ring any bells? Stef the Netherlands
2019 Oct 17
2
DSA key not accepted on CentOS even after enabling
...igrating (installing as new) the server where they connect to CentOS 8 + updates. I was not able to connect with the keys to this new server even after having added, as found in several internet pages, this directive at the end of /etc/ssh/sshd_config of the CentOS 8 server: # Accept also DSA keys PubkeyAcceptedKeyTypes=+ssh-dss and systemctl restart sshd I kept getting in journal the message: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] I saw that the sshd process had started with the option ... -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256, ecdsa-sha2-nistp256-cert-v01...
2021 Jan 18
4
[Bug 3253] New: ssh-keygen man page still lists deprecated key types for -t
...hese ("dsa" generating an "ssh-dss" key) is already disabled, the last of these (rsa) seems scheduled to be disabled, and many newer key types are missing. In comparison, the default list of acceptable keytypes for publickey authentication is given in sshd_config.5 under option PubkeyAcceptedKeyTypes as ssh-ed25519-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, sk-ssh-ed25519-cert-v01@openssh.com, sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.co...
2019 Oct 17
0
DSA key not accepted on CentOS even after enabling
PubkeyAcceptedKeyTypes=+ssh-dss You also need that ^^ in their client if they are running on el8 machine as well .. I needed to put it in my ~/.ssh/config when connecting FROM an el8 machine to somewhere else. On 10/17/19 9:27 AM, Gianluca Cecchi wrote: > Hello, > I have some users that connect to a server with t...
2017 Jul 21
15
[Bug 2746] New: RFE: Allow to disable SHA1 signatures for RSA
https://bugzilla.mindrot.org/show_bug.cgi?id=2746 Bug ID: 2746 Summary: RFE: Allow to disable SHA1 signatures for RSA Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at
2019 Jun 09
2
OpenSSH forcing the signature to SHA1.
.... When the code tries to verify the signature of the public key of the server using this algorithm, it is throwing an exception ObjectIdentifier mismatch: 1.3.14.3.2.26. (which is the OID of SHA1). So my understanding is the server is forcing the signature to be SHA1. I did try to use the parameter PubkeyAcceptedKeyTypes ssh-ed25519*,ecdsa-sha2*,rsa-sha2-*,ssh-rsa But that does not help. Also with the same SHA256withRSA algorithm when the code signs the data and sends it to server, it results in signature unverified error. debug3: mm_answer_keyverify: publickey 0x56471045da10 signature unverified Things work fine...
2020 Feb 06
3
Call for testing: OpenSSH 8.2
On 2020-02-06 at 13:28 +1100, Darren Tucker wrote: > Like this. > --- a/sshd_config.5 > +++ b/sshd_config.5 The ssh_config.5 also has a copy of this and presumably needs the same change, unless I've misunderstood. -Phil
2020 Feb 23
4
Question about ssh-rsa deprecation notice (was: Announce: OpenSSH 8.2 released)
I am trying to understand the details of the deprecation notice. Because I am getting people asking me questions. And I don't know the answer. Therefore I am pushing the boulder uphill and asking here. :-) Damien Miller wrote: > Future deprecation notice > ========================= > > It is now possible[1] to perform chosen-prefix attacks against the > SHA-1 algorithm for
2015 Aug 11
0
Announce: OpenSSH 7.0 released
...sword/prohibit-password now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled). New Features ------------ * ssh_config(5): add PubkeyAcceptedKeyTypes option to control which public key types are available for user authentication. * sshd_config(5): add HostKeyAlgorithms option to control which public key types are offered for host authentications. * ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms, HostKeyAlgorithms, PubkeyAccept...
2020 Jun 01
5
"ssh -Q key" does not list rsa-sha2 algorithms
...ignature algorithms, > you want "-Q sig". This is documented in the man page. In addition, from version 8.2 ssh -Q will also accept ssh_config keywords and emit the formats or algorithms accepted by that keyword, eg. $ ssh -V OpenSSH_8.2p1, OpenSSL 1.1.1g FIPS 21 Apr 2020 $ ssh -Q PubkeyAcceptedKeyTypes [...] ssh-rsa rsa-sha2-256 rsa-sha2-512 [...] -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
2017 Apr 04
3
Allow SHA1 deprecation for rsa-sha
Hi, Following the fix [1] being released on 7.5, now SHA2 RSA signature methods work properly. On the other hand it is still not possible to disable SHA1 RSA alone (as an example, as SHA2-256 or SHA2-512 could also potentially be not desirable), where it is considered insecure or undesirable. I am proposing to add a mechanism, and happy to submit a patch, to enable selection of the Hashes
2015 Aug 11
2
Announce: OpenSSH 7.0 released
...sword/prohibit-password now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled). New Features ------------ * ssh_config(5): add PubkeyAcceptedKeyTypes option to control which public key types are available for user authentication. * sshd_config(5): add HostKeyAlgorithms option to control which public key types are offered for host authentications. * ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms, HostKeyAlgorithms, PubkeyAccept...
2020 Mar 02
4
Question about host key algorithms
$ ssh -Q HostKeyAlgorithms Unsupported query "HostKeyAlgorithms" $ ssh -V OpenSSH_7.4p1, OpenSSL 1.0.2u 20 Dec 2019 On Mon, Mar 2, 2020 at 2:24 PM Christian Hesse <list at eworm.de> wrote: > Luveh Keraph <1.41421 at gmail.com> on Mon, 2020/03/02 14:07: > > When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the > > following output: > >
2016 Feb 29
0
Announce: OpenSSH 7.2 released
...nse and would cause ssh to print an uninitialised stack variable. bz#2500 * ssh(1): fix errors when attempting to connect to scoped IPv6 addresses with hostname canonicalisation enabled. * sshd_config(5): list a couple more options usable in Match blocks. bz#2489 * sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match block. * ssh(1): expand tilde characters in filenames passed to -i options before checking whether or not the identity file exists. Avoids confusion for cases where shell doesn't expand (e.g. "-i ~/file" vs. "-i~/file"). bz#2481 * s...
2018 Nov 23
2
Debian Stretch 9.6: openssh-server and old dropbear client don't work togheter
...,umac-128@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com PubkeyAcceptedKeyTypes ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cer...
2016 May 11
23
[Bug 2568] New: ssh fails to authenticate using RSA keys when agent does not support sha256/512 signatures
https://bugzilla.mindrot.org/show_bug.cgi?id=2568 Bug ID: 2568 Summary: ssh fails to authenticate using RSA keys when agent does not support sha256/512 signatures Product: Portable OpenSSH Version: -current Hardware: Other URL: https://github.com/connectbot/connectbot/issues/397 OS: Linux
2023 Jun 22
2
[Bug 3583] New: server-sig-algs reports incorrect list of algorithms
...erver (OpenSSH_8.7p1, OpenSSL 3.0.8 7 Feb 2023) in Amazon Linux (6.1.29-50.88.amzn2023.aarch64) reports more PK algorithms than are actually allowed. Modified server configuration (just one PK algorithm allowed): PubkeyAcceptedAlgorithms rsa-sha2-256 Obtaining debug info: ssh -vvv -i mykey.pem -o PubkeyAcceptedKeyTypes=rsa-sha2-512 ec2-user@<...IP...> Debug output: debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecd...
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
...SA host key for {REDACTED} has changed and you have requested strict checking. Host key verification failed. The relevant part of my .ssh/config file is Host * IdentityFile ~/.ssh/id_ed25519 IdentityFile ~/.ssh/id_rsa The relevant part of my /etc/ssh/ssh_config is: Host * AddressFamily inet PubkeyAcceptedKeyTypes +ssh-dss HostKeyAlgorithms +ssh-dss - Ryan On Tue, Sep 15, 2020 at 11:25 PM Damien Miller <djm at mindrot.org> wrote: > > On Tue, 15 Sep 2020, Ryan Mulligan wrote: > > > Hello. > > > > I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows > >...