openssh update broke connectivity
Jude DaShiell
jdashiel at panix.com
Tue Aug 18 14:51:38 UTC 2015
>From what I read in the release notes on openssh.com, dsa and rsa and a
whole bunch of other ciphers were depricated. The ssh-keygen program
and man page both need updating to reflect these changes. In the past,
I had generated a key set then copied the key up using ssh-copy-id and I
was able to log in after that with ssh. One thing I don't quite
understand in the release notes is a public key (my guess is generated
by gnupg) will be needed to use openssh at all. I hope not since gpg is
its own drum of worms and it wasn't explained how to integrate the keys
in those release notes either unless I heard the explanation and didn't
understand it.
On Tue, 18 Aug 2015, Tony Baechler wrote:
> Date: Tue, 18 Aug 2015 05:11:17
> From: Tony Baechler <tony at baechler.net>
> Reply-To: Linux for blind general discussion <blinux-list at redhat.com>
> To: Linux for blind general discussion <blinux-list at redhat.com>
> Subject: Re: openssh update broke connectivity
>
> OK, shellworld was the wrong host, but the information still applies. Even
> generating new keys might not solve the problem. You probably have to edit
> ssh_config to allow the weaker cyphers or downgrade your ssh client. I would
> suggest asking them to upgrade their sshd or to generate stronger host keys.
> The change log clearly explains this in much more detail.
>
> No, you should be able to use password authentication, so you should not use
> plain, unsecure ftp except in an emergency. That's assuming they allow
> password authentication which is the default in most cases. You can still
> use rsync or ssh to connect with a regular password. Since it won't connect
> and isn't asking you for a password, this makes me think the problem is with
> their sshd using weaker cyphers and there probably isn't much you can do
> about it except write to them and explain the situation. For now, I would
> suggest going back to an older ssh client.
>
> On 8/17/2015 7:43 AM, Jude DaShiell wrote:
>> I need to find out which are the strong ciphers and use one of them to
>> generate a key set. Even so, I'm on panix.com not shellworld.net and I
>> cannot update my authorized-keys file with keys using a different cipher
>> using ssh-copy-id. I'll have to use garden variety ftp to do the update
>
> _______________________________________________
> Blinux-list mailing list
> Blinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/blinux-list
>
--
More information about the Blinux-list
mailing list