[lmi] DSA now disabled in OpenSSH


From: Greg Chicares
Subject: [lmi] DSA now disabled in OpenSSH
Date: Wed, 16 Dec 2015 14:38:03 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.3.0

I've completely reinstalled Cygwin, and now ssh isn't working, presumably
because I've used DSA since forever, and openssh now disables it...

$ssh -V
OpenSSH_7.1p1, OpenSSL 1.0.2e 3 Dec 2015

http://www.openssh.com/legacy.html
| OpenSSH 7.0 and greater similarly disables the ssh-dss (DSA) public key algorithm.
| It too is weak and we recommend against its use.

http://savannah.gnu.org/maintenance/SshAccess/
| We recommend using only RSA keys, not DSA.

$ssh -v svn.sv.gnu.org
...
debug1: Trying private key: /home/XXXX/.ssh/id_rsa
debug1: Skipping ssh-dss key /home/XXXX/.ssh/id_dsa for not in PubkeyAcceptedKeyTypes

I tried this workaround...

$ssh -v -oHostKeyAlgorithms=+ssh-dss -oPubkeyAcceptedKeyTypes=+ssh-dss svn.sv.gnu.org
debug1: Next authentication method: publickey
debug1: Trying private key: /home/XXXX/.ssh/id_rsa
debug1: Offering DSA public key: /home/XXXX/.ssh/id_dsa
...
Permission denied (publickey).

...but it failed, so I created a new RSA key...

$ssh-keygen -t rsa -b 4096 -C "address@hidden"

...and registered it at savannah. It still doesn't work yet...

$ssh -v svn.sv.gnu.org
debug1: Offering RSA public key: /home/XXXX/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Skipping ssh-dss key /home/XXXX/.ssh/id_dsa for not in PubkeyAcceptedKeyTypes
debug1: Trying private key: /home/XXXX/.ssh/id_ecdsa
debug1: Trying private key: /home/XXXX/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).

...but at least now it's offered. Presumably I just have to wait an hour
until savannah's cron job picks up the new key.
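
Added example, not part of the original post: a small filter that summarizes `ssh -v` client output into which keys were skipped by policy, which were offered, and whether the login was denied. The function names are hypothetical, the sample input is the final debug excerpt from the message above with wrapped lines rejoined, and the patterns assume the message wording shown there (OpenSSH 7.1p1); other versions may word these lines differently.

```shell
#!/bin/sh
# Summarize key handling in `ssh -v` client debug output (added example).
# Reads debug lines on stdin and prints one line per event:
#   SKIPPED <type> <path>   key type not in PubkeyAcceptedKeyTypes
#   OFFERED <type> <path>   public key was sent to the server
#   TRIED <path>            identity path tried without a public-key offer
#   RESULT denied           server rejected every method
classify_ssh_debug() {
    awk '
    /^debug1: Skipping .* key .* for not in PubkeyAcceptedKeyTypes/ {
        print "SKIPPED", $3, $5; next
    }
    /^debug1: Offering .* public key: / {
        print "OFFERED", $3, $NF; next
    }
    /^debug1: Trying private key: / {
        print "TRIED", $NF; next
    }
    /^Permission denied [(]/ { print "RESULT denied" }
    '
}

# Paths of DSA keys the client refused to use: candidates for replacement.
dsa_keys_to_retire() {
    classify_ssh_debug | awk '$1 == "SKIPPED" && $2 == "ssh-dss" { print $3 }'
}

# Sample input: debug excerpt from the post, wrapped lines rejoined.
sample_log() {
    cat <<'EOF'
debug1: Offering RSA public key: /home/XXXX/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Skipping ssh-dss key /home/XXXX/.ssh/id_dsa for not in PubkeyAcceptedKeyTypes
debug1: Trying private key: /home/XXXX/.ssh/id_ecdsa
debug1: Trying private key: /home/XXXX/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
EOF
}

sample_log | classify_ssh_debug
```

On a live session, pipe the client's stderr into the filter, for example `ssh -v host 2>&1 | classify_ssh_debug`.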
