NetBSD-Bugs archive


Re: bin/50148: new ssh does not work at all



On Aug 14,  6:55am, martin%NetBSD.org@localhost wrote:
}
} >Number:         50148
} >Synopsis:       new ssh does not work at all
} >Severity:       critical
} >Priority:       high
} >Responsible:    bin-bug-people
} >State:          open
} >Class:          sw-bug
} >Arrival-Date:   Fri Aug 14 06:55:00 +0000 2015
} >Originator:     Martin Husemann
} >Release:        NetBSD 7.99.20
} >Description:
} 
} Since updating to the new ssh yesterday, I can't connect anywhere:
} 
} [snip]
} 
} debug1: Authentications that can continue: publickey
} debug3: start over, passed a different list publickey
} debug3: preferred kerberos-2%ssh.com@localhost,publickey,keyboard-interactive,password
} debug3: authmethod_lookup publickey
} debug3: remaining preferred: keyboard-interactive,password
} debug3: authmethod_is_enabled publickey
} debug1: Next authentication method: publickey
} debug1: Skipping ssh-dss key /home/martin/.ssh/id_dsa for not in PubkeyAcceptedKeyTypes

     I think the issue is here.  Reading the release announcement,
I see that they have been disabling/deprecating all sorts of things,
in the name of improving security (and intend to do more of this
in the next release).  Apparently, they don't think backwards
compatibility is important.

From the announcement:

-----

[...]
Changes since OpenSSH 6.9
=========================

The focus of this release is primarily to deprecate weak, legacy
and/or unsafe cryptography.
[...]
Potentially-incompatible Changes
--------------------------------

 * Support for the legacy SSH version 1 protocol is disabled by
   default at compile time.

 * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange
   is disabled by default at run-time. It may be re-enabled using
   the instructions at http://www.openssh.com/legacy.html

 * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
   by default at run-time. These may be re-enabled using the
   instructions at http://www.openssh.com/legacy.html

 * Support for the legacy v00 cert format has been removed.

 * The default for the sshd_config(5) PermitRootLogin option has
   changed from "yes" to "prohibit-password".

 * PermitRootLogin=without-password/prohibit-password now bans all
   interactive authentication methods, allowing only public-key,
   hostbased and GSSAPI authentication (previously it permitted
   keyboard-interactive and password-less authentication if those
   were enabled).

-----

martin's issue is the third point.

     On a slightly different, but similar issue, I sure hope we
have reversed the first point (SSHv1 being disabled at compile
time).  I still use SSHv1 for connecting to older, but perfectly
functional routers.  What do they expect me to do, switch to using
telnet, which would be the only alternative?  "Replace the routers"
is not a good answer.

} debug1: Trying private key: /home/martin/.ssh/id_rsa
} debug3: no such identity: /home/martin/.ssh/id_rsa: No such file or directory
} debug1: Trying private key: /home/martin/.ssh/id_ecdsa
} debug3: no such identity: /home/martin/.ssh/id_ecdsa: No such file or directory
} debug1: Trying private key: /home/martin/.ssh/id_ed25519
} debug3: no such identity: /home/martin/.ssh/id_ed25519: No such file or directory
} debug2: we did not send a packet, disable method
} debug1: No more authentication methods to try.
} Permission denied (publickey).
} 
}-- End of excerpt from martin%NetBSD.org@localhost

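A per-host client override for the third point (ssh-dss user keys), added here as an example and not taken from the report or the OpenSSH notes; the host alias, address and key path are placeholders. The options and the "+" syntax are the ones the legacy.html page linked from the announcement describes, and the cleaner fix is to generate a non-DSA key with ssh-keygen -t ed25519, which needs no override at all.

```ssh_config
# ~/.ssh/config (added example; "old-router", the address and the key
# path are placeholders)
#
# Keep the hardened OpenSSH 7.0 defaults for every other host and only
# re-enable the legacy algorithms where an old key cannot be replaced yet.
# ssh_config does not accept trailing comments after a value, so each
# comment sits on its own line.

Host old-router
    # RFC 5737 documentation address, placeholder for the real router
    HostName 192.0.2.1
    IdentityFile ~/.ssh/id_dsa
    # "+" appends to the default list instead of replacing it (7.0 and later).
    # This is the setting behind the "Skipping ssh-dss key ... for not in
    # PubkeyAcceptedKeyTypes" line in the report (user key).
    PubkeyAcceptedKeyTypes +ssh-dss
    # Only needed if the server still presents a DSA host key.
    HostKeyAlgorithms +ssh-dss
    # Only needed for the second point in the notes (group1 kex on old gear).
    KexAlgorithms +diffie-hellman-group1-sha1
```

Run `ssh -v old-router` afterwards: the "Skipping ssh-dss key" line disappears and the key is offered; if the override were placed under "Host *" instead, every connection would accept DSA again.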
