Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Honey, I broke public-key logins

On Mon, 1 Nov 2021 at 09:01, Jun Ebihara <> wrote:
> From: Bob Bernstein <>
> Subject: Honey, I broke public-key logins
> Date: Sun, 31 Oct 2021 18:21:52 -0400 (EDT)
> > I never really was one to look before I leap, and a recent 'sysbuild'
> > and 'sysupgrade' to 9.99.92 produced the effect noted above in
> > Subject:. (The reference is to the film "Honey I shrunk the kids.")
> "Incompatibility is more likely when connecting to older SSH
> implementations that have not been upgraded or have not closely tracked
> improvements in the SSH protocol. For these cases, it may be necessary
> to selectively re-enable RSA/SHA1 to allow connection and/or user
> authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
> options. For example, the following stanza in ~/.ssh/config will enable
> RSA/SHA1 for host and user authentication for a single destination host:
>     Host old-host
>         HostkeyAlgorithms +ssh-rsa
>         PubkeyAcceptedAlgorithms +ssh-rsa
> "
> --
> Jun Ebihara

That didn't work for me when trying to ssh from a -current NetBSD
system to a Solaris10U11 host. I get:

$ ssh
Unable to negotiate with port 22: no matching key
exchange method found. Their offer:

On the other hand, on the NetBSD system, 'ssh -Q HostKeyAlgorithms'
(and PubkeyAcceptedAlgorithms) show:

I don't see anything common here; I couldn't find anything relevant in
/etc/ssh/sshd_config on the Solaris 10 system, which is running Sun
ssh v1.1.5.

I can connect to the Solaris system using putty on a W11 host; the
native ssh W11 client seems to work as well.



Home | Main Index | Thread Index | Old Index