Re: openssh update broke connectivity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From what I read in the release notes on openssh.com, dsa and rsa and a
whole bunch of other ciphers were depricated. The ssh-keygen program and man page both need updating to reflect these changes. In the past, I had generated a key set then copied the key up using ssh-copy-id and I was able to log in after that with ssh. One thing I don't quite understand in the release notes is a public key (my guess is generated by gnupg) will be needed to use openssh at all. I hope not since gpg is its own drum of worms and it wasn't explained how to integrate the keys in those release notes either unless I heard the explanation and didn't understand it. 

On Tue, 18 Aug 2015, Tony Baechler wrote:


Date: Tue, 18 Aug 2015 05:11:17
From: Tony Baechler <tony@xxxxxxxxxxxx>
Reply-To: Linux for blind general discussion <blinux-list@xxxxxxxxxx>
To: Linux for blind general discussion <blinux-list@xxxxxxxxxx>
Subject: Re: openssh update broke connectivity
OK, shellworld was the wrong host, but the information still applies. Even generating new keys might not solve the problem. You probably have to edit ssh_config to allow the weaker cyphers or downgrade your ssh client. I would suggest asking them to upgrade their sshd or to generate stronger host keys. The change log clearly explains this in much more detail.
No, you should be able to use password authentication, so you should not use plain, unsecure ftp except in an emergency. That's assuming they allow password authentication which is the default in most cases. You can still use rsync or ssh to connect with a regular password. Since it won't connect and isn't asking you for a password, this makes me think the problem is with their sshd using weaker cyphers and there probably isn't much you can do about it except write to them and explain the situation. For now, I would suggest going back to an older ssh client. 

On 8/17/2015 7:43 AM, Jude DaShiell wrote:

I need to find out which are the strong ciphers and use one of them to
generate a key set.  Even so, I'm on panix.com not shellworld.net and I
cannot update my authorized-keys file with keys using a different cipher
using ssh-copy-id.  I'll have to use garden variety ftp to do the update


_______________________________________________
Blinux-list mailing list
Blinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/blinux-list



--

_______________________________________________
Blinux-list mailing list
Blinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/blinux-list
[Index of Archives]     [Linux Speakup]     [Fedora]     [Linux Kernel]     [Yosemite News]     [Big List of Linux Books]