NetBSD-Bugs archive


Re: bin/53670: openssl/openssh compat broken



The following reply was made to PR bin/53670; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/53670: openssl/openssh compat broken
Date: Mon, 15 Oct 2018 10:46:15 +0200

 Adding -o HostKeyAlgorithms=ssh-rsa makes the connection work.
 So:
 
 debug1: kex: algorithm: curve25519-sha256@libssh.org
 debug1: kex: host key algorithm: ssh-rsa
 debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
 debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
 debug1: Server host key: ssh-rsa SHA256:NaSg1AiUlL5WWOjnfjKzWtaYWwbQ/XITJWbm0JrnTYY
 
 This all seems to also depend on details in .ssh/known_hosts - if there is no
 entry, it will fail if not restricted with an option like above, but if there
 is a proper ssh-rsa entry, it will just use that, so afterwards it works
 without any options.
 
 Martin
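
An added example, not part of the original message or of NetBSD/OpenSSH code: a small known_hosts reader that reports which host key types are already recorded for a host, then models the behaviour described above by moving those types to the front of the candidate list. The host names, key blob, salt and `DEFAULT_ORDER` are constructed assumptions, and wildcard or negated patterns are not handled.

```python
import base64
import hashlib
import hmac

MARKERS = ("@cert-authority", "@revoked")
SAMPLE_KEY = "AAAAB3NzaC1yc2EAAAADAQAB"  # constructed, truncated placeholder blob
# Illustrative candidate order (assumption, not the client's real default list).
DEFAULT_ORDER = ["ssh-ed25519", "ecdsa-sha2-nistp256", "ssh-rsa"]

def hash_host(host, salt):
    """Return the '|1|salt|hash' form written when HashKnownHosts is enabled."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def pattern_matches(pattern, host):
    if pattern.startswith("|1|"):
        # Re-hash the candidate host with the entry's own salt and compare.
        _, _, salt_b64, _ = pattern.split("|", 3)
        return hmac.compare_digest(pattern, hash_host(host, base64.b64decode(salt_b64)))
    return pattern == host  # plain names only; no wildcard or '!' support

def known_key_types(known_hosts_text, host):
    """Key types recorded for host, in file order, skipping comments and marker lines."""
    found = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#") or fields[0] in MARKERS:
            continue
        patterns, key_type = fields[0].split(","), fields[1]
        if any(pattern_matches(p, host) for p in patterns) and key_type not in found:
            found.append(key_type)
    return found

def prefer_known(default_order, known):
    """Move algorithms with a recorded key to the front, keeping relative order."""
    return ([a for a in default_order if a in known] +
            [a for a in default_order if a not in known])

# Constructed sample file contents (not taken from the PR).
SAMPLE = "\n".join([
    "# constructed sample",
    "build.example.org,192.0.2.10 ssh-rsa " + SAMPLE_KEY,
    hash_host("hashed.example.org", b"constructed-salt-20b") + " ssh-rsa " + SAMPLE_KEY,
    "@revoked old.example.org ssh-rsa " + SAMPLE_KEY,
])

if __name__ == "__main__":
    for h in ("build.example.org", "hashed.example.org", "new.example.org"):
        print(h, prefer_known(DEFAULT_ORDER, known_key_types(SAMPLE, h)))
```

For a host with no recorded key the list stays in its default order, which is the case where the message reports needing `-o HostKeyAlgorithms=ssh-rsa`.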
 

