Re: ssh-agent not working after upgrade to fedora 23

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/13/2016 01:04 PM, Tom Horsley wrote:

On Wed, 13 Apr 2016 15:51:31 -0400
Richard Heck wrote:


Any suggestions?


Yep. The security geeks decided dsa keys weren't secure,
but none of the errors messages you get give you a hint
that dsa keys no longer work.

You can change a lot of obscure parameters in /etc/sshd.config
(and maybe /etc/ssh.config as well) or you can sigh and
generate new keys using an "acceptable" cipher and
distribute the new public key around to every single
system that has your old dsa key.


You can use "ssh -o HostkeyAlgorithms +ssh-dss remotehost" to
temporarily use dsa keys, or add

	Host *
	    HostkeyAlgorithms +ssh-dss

to your /etc/ssh/ssh_config or ~/.ssh/config file, but switch to rsa
when you can. The "experts" think its better and by default, ssh won't
use dss any more.
Also be aware that by default ssh no longer allows diffie-hellman-group1-sha1 key exchange.
Again, you can "ssh -o KexAlgorithms +diffie-hellman-group1-sha1 remotehost" or add 

	Host *
	    KexAlgorithms +diffie-hellman-group1-sha

to your /etc/ssh/ssh_config or ~/.ssh/config files. Both of these have
gotten me trying to log into some older Cisco routers. I've added things
like

	Host remote-cisco-gear
	    HostkeyAlgorithms +ssh-dss
	    KexAlgorithms +diffie-hellman-group1-sha1

for each of these problematic machines to my ~/.ssh/config file to get
around these issues. Grrrr!
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-  Time: Nature's way of keeping everything from happening at once.  -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
http://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux