similar to: [Bug 747] host authentication requires RSA1 keys

http://bugzilla.mindrot.org/show_bug.cgi?id=746 Summary: host authentication requires RSA1 keys Product: Portable OpenSSH Version: 3.7p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

Hi, On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote: > My ssh_config has > Host * > HostbasedAuthentication yes > EnableSSHKeysign yes > NoHostAuthenticationForLocalhost yes > > NoHostAuthenticationForLocalhost is not necessary. > The one you are missing is EnableSSHKeysign. > > Additionally, you made no mention of your ssh_known_hosts files. Make > sure

Hi guys Though being a mere user, - as opposed to an expert - in many long years of ssh in my use this, is new: -> $ ssh box5.proxmox.mine hostname -i 10.3.1.78 -> $ ssh box5 hostname -i Warning: the RSA host key for 'box5' differs from the key for the IP address '10.3.1.78' Offending key for IP in /root/.ssh/known_hosts:2 Matching host key in /etc/ssh/ssh_known_hosts:2

Hi, I''m attempting to distribute a known host ssh key (for github) to an Ubuntu 10.04 host. Puppet is distributing the key into /etc/ssh/ ssh_known_hosts as: github.com ssh-rsa [really long ssh-rsa key] However, Ubuntu seems to expect the key in this format: |1|[really long ssh-rsa key] (note all the keys in my known_hosts and ssh_known_hosts not managed by puppet are prepended with

A non-text attachment was scrubbed... Name: ports.patch Type: text/x-diff Size: 6972 bytes Desc: Add support for the [host]:port syntax to ssh-keyscan Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20081228/51000c08/attachment-0001.bin

Hello all, How are you using the sshkey type? Are you using it to list hosts and keys in a class that nodes include in order to manage /etc/ssh/ssh_known_hosts or something else? How does any of this relate to the sshrsakey and sshdsakey facts on the host? I read some stuff about this on the Virtual Resources page but it''s too vague for my simple mind and I''d be reluctant to use

I updated my Solaris 8 machines from openssh-2.3.0p1 to 2.5.1p1 yesterday and it fixed the cron/audit issue but now root logins are no longer permitted. I updated it to 2.5.1p2 this morning and that is still the case: golfer:/[207]# ssh -v tsunami OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f debug: Reading configuration data /var/ssh/ssh_config debug: Applying options for *

Here you go: OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019 debug1: Reading configuration data /home/ryantm/.ssh/config debug1: /home/ryantm/.ssh/config line 4: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 13: Applying options for * debug2: resolving "{REDACTED}" port 22 debug2: ssh_connect_direct debug1: Connecting to

This question should be asked before, but I fail to find the discussion. What options can be used for storing host/users pubkeys in a publically available places? I know openssh currently provide option except if /etc/ssh_known_hosts and ~/.ssh/known_hosts. But what about many machines? Think of e.g. pgp keyservers. Note that pgp keyservers isn't a good solution *always*. The best one

I'm trying to use HostbasedAuthentication. Running ssh -v -v -v user at host the following error occurs: debug3: authmethod_is_enabled hostbased debug1: next auth method to try is hostbased debug2: userauth_hostbased: chost <host> debug2: we did not send a packet, disable method What does this mean ? I enabled HostbasedAuthentication in /etc/ssh/ssh_config and as it looks, this setting

Hi, I am using ssh-keyscan with a list of hosts, such as: ssh-keyscan -t rsa -f hosts_for_keyscan Some of the hosts in the list have dsa, but no rsa keys. For such hosts, the command displays: no hostkey alg When this is the case for 2 hosts, this message appears twice AND SSH-KEYSCAN STOPS QUERYING, which means that no keys at all are returned for the following hosts. Here is the part of the

I run OpenSSH on linux @ client which ssh /usr/local/bin/ssh ssh -v OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 @ server which sshd /usr/local/bin/sshd sshd -v unknown option -- V OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time]

I'm finding another problem with OpenSSH 2.5.1p1 on RH 6.2 (at least, I think it's the linux box that is the problem). I'm ssh'ing to a RH 6.2 box from a Solaris 7 server (scp also... seems like the same problem). I'm using authorized_keys and identity.pub files to do it automagically, and all works well when it's from user to user, where the username is the same, but if

https://bugzilla.mindrot.org/show_bug.cgi?id=1213 Andreas Kotes <count-mindrot at flatline.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |count-mindrot at flatline.de Severity|normal |major --- Comment #6 from

Hello there, I'm a little afraid of writing here, hope I don't make any mistake doing so. I'm trying for days and searching the web too, but no obvious solution, no reply from the specialized forum I wrote in. Here is the situation: I would like to have a lighter security inside our domain, without changing when going outside. By "lighter security" I mean at least, no

--On Monday, January 01, 2024 1:01 PM +0100 lejeczek via CentOS <centos at centos.org> wrote: > -> $ ssh box5.proxmox.mine hostname -i > 10.3.1.78 > > -> $ ssh box5 hostname -i > Warning: the RSA host key for 'box5' differs from the key for the IP > address '10.3.1.78' > Offending key for IP in /root/.ssh/known_hosts:2 > Matching host key in

In the past 2 months another change occurred in the CVS code that broke my ssh-keyscan patch. Here's an updated version that tweaks the changed name (in the Kex struct) and also causes an attempt to grab an ssh2 key from an older server (without ssh2 support) to fail earlier and without an error message (Stuart Pearlman emailed me some code for this). This patch is based on the BSD CVS

Is there a security issue with turning an RSA1 key into an RSA key? One might want to do this, e.g., to move to protocol 2 without having to update authorized_keys files. I thought there was a problem with this, but Google doesn't find anything. thanks /fc

https://bugzilla.mindrot.org/show_bug.cgi?id=2686 Bug ID: 2686 Summary: SSHD segfaults when trying to load RSA1 host keys Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: sshd