openssh update broke connectivity

Jude DaShiell jdashiel at panix.com
Tue Aug 18 14:51:38 UTC 2015 

>From what I read in the release notes on openssh.com, dsa and rsa and a 
whole bunch of other ciphers were depricated.  The ssh-keygen program 
and man page both need updating to reflect these changes.  In the past, 
I had generated a key set then copied the key up using ssh-copy-id and I 
was able to log in after that with ssh.  One thing I don't quite 
understand in the release notes is a public key (my guess is generated 
by gnupg) will be needed to use openssh at all.  I hope not since gpg is 
its own drum of worms and it wasn't explained how to integrate the keys 
in those release notes either unless I heard the explanation and didn't 
understand it.

On Tue, 18 Aug 2015, Tony Baechler wrote:

> Date: Tue, 18 Aug 2015 05:11:17
> From: Tony Baechler <tony at baechler.net>
> Reply-To: Linux for blind general discussion <blinux-list at redhat.com>
> To: Linux for blind general discussion <blinux-list at redhat.com>
> Subject: Re: openssh update broke connectivity
> 
> OK, shellworld was the wrong host, but the information still applies.  Even 
> generating new keys might not solve the problem.  You probably have to edit 
> ssh_config to allow the weaker cyphers or downgrade your ssh client.  I would 
> suggest asking them to upgrade their sshd or to generate stronger host keys. 
> The change log clearly explains this in much more detail.
>
> No, you should be able to use password authentication, so you should not use 
> plain, unsecure ftp except in an emergency.  That's assuming they allow 
> password authentication which is the default in most cases.  You can still 
> use rsync or ssh to connect with a regular password.  Since it won't connect 
> and isn't asking you for a password, this makes me think the problem is with 
> their sshd using weaker cyphers and there probably isn't much you can do 
> about it except write to them and explain the situation.  For now, I would 
> suggest going back to an older ssh client.
>
> On 8/17/2015 7:43 AM, Jude DaShiell wrote:
>> I need to find out which are the strong ciphers and use one of them to
>> generate a key set.  Even so, I'm on panix.com not shellworld.net and I
>> cannot update my authorized-keys file with keys using a different cipher
>> using ssh-copy-id.  I'll have to use garden variety ftp to do the update
>
> _______________________________________________
> Blinux-list mailing list
> Blinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/blinux-list
>

--

More information about the Blinux-list mailing list