Re: bin/50148: new ssh does not work at all

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,martin%NetBSD.org@localhost
Subject: Re: bin/50148: new ssh does not work at all
From: Martin Husemann <martin%duskware.de@localhost>
Date: Fri, 14 Aug 2015 08:00:00 +0000 (UTC)

The following reply was made to PR bin/50148; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: John Nemeth <jnemeth%cue.bc.ca@localhost>
Cc: gnats-bugs%NetBSD.org@localhost
Subject: Re: bin/50148: new ssh does not work at all
Date: Fri, 14 Aug 2015 09:58:12 +0200

 On Fri, Aug 14, 2015 at 12:55:19AM -0700, John Nemeth wrote:
 >  * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
 >    by default at run-time. These may be re-enabled using the
 >    instructions at http://www.openssh.com/legacy.html

 Indeed, this is the issue.

 While the agent had an RSA1 key as well, that server only had the DSA
 key as authorized_key.

 So adding 

 PubkeyAcceptedKeyTypes  +ssh-dss

 to /etc/ssh/ssh_config worked around the issue for now.
 Next step: regen some keys and update tons of authorized_keys files.

 Stupid security facists!
 This needs a VERY PROMINENT heads up somewhere.

 Martin

Prev by Date: Re: bin/50148: new ssh does not work at all
Next by Date: Re: bin/50148: new ssh does not work at all
Previous by Thread: Re: bin/50148: new ssh does not work at all
Next by Thread: Re: bin/50148: new ssh does not work at all
Indexes:

Home | Main Index | Thread Index | Old Index