| 1 |
On 24 February 2011 13:17, dhk <dhkuhl@×××××××××.net> wrote: |
| 2 |
> On 02/23/2011 03:42 AM, Joost Roeleveld wrote: |
| 3 |
>> On Tuesday 22 February 2011 14:51:31 Mick wrote: |
| 4 |
>>> On 22 February 2011 14:19, <dhkuhl@×××××××××.net> wrote: |
| 5 |
>>>> ----- Original Message ----- |
| 6 |
>>>> From: Mick |
| 7 |
>>>> |
| 8 |
>>>>> There was a change in the default ssh encryption algorithm. You may |
| 9 |
>>>>> want to check if that is causing the problem. |
| 10 |
>>>> |
| 11 |
>>>> How would I do that? |
| 12 |
>>> |
| 13 |
>>> By examining your config files? Previously your keys would be in |
| 14 |
>>> ~/.ssh/id_dsa[rsa].pub, but now with ECDSA being the default they |
| 15 |
>>> would be in ~/.ssh/id_ecdsa.pub |
| 16 |
>>> |
| 17 |
>>> I recall something being mentioned in the elog asking to regenerate |
| 18 |
>>> the key-pair. |
| 19 |
>>> |
| 20 |
>>> HTH. |
| 21 |
>> |
| 22 |
>> If this is the case, you could try speciying your key on the command-line |
| 23 |
>> using the "-i" flag: |
| 24 |
>> |
| 25 |
>> # ssh -i .ssh/id_dsa.pub <host....> |
| 26 |
>> |
| 27 |
>> Replace the file with the one on your machine. |
| 28 |
>> |
| 29 |
>> HTH, |
| 30 |
>> |
| 31 |
>> Joost |
| 32 |
>> |
| 33 |
>> |
| 34 |
> |
| 35 |
> I still haven't gotten this to work. Am I the only one using this? The |
| 36 |
> "ssh -i .ssh/id_dsa.pub host" didn't work. I get a message "Read from |
| 37 |
> socket failed: Connection reset by peer" with or without the -i option. |
| 38 |
> |
| 39 |
> When I re-emerged openssh the following output is displayed. |
| 40 |
> |
| 41 |
> # emerge openssh |
| 42 |
> Calculating dependencies... done! |
| 43 |
>>>> Verifying ebuild manifests |
| 44 |
>>>> Emerging (1 of 1) net-misc/openssh-5.8_p1-r1 |
| 45 |
>>>> Installing (1 of 1) net-misc/openssh-5.8_p1-r1 |
| 46 |
>>>> Jobs: 1 of 1 complete Load avg: 2.80, |
| 47 |
> 1.95, 1.43 |
| 48 |
> |
| 49 |
> * Messages for package net-misc/openssh-5.8_p1-r1: |
| 50 |
> |
| 51 |
> * Starting with openssh-5.8p1, the server will default to a newer key |
| 52 |
> * algorithm (ECDSA). You are encouraged to manually update your stored |
| 53 |
> * keys list as servers update theirs. See ssh-keyscan(1) for more info. |
| 54 |
> * Remember to merge your config files in /etc/ssh/ and then |
| 55 |
> * reload sshd: '/etc/init.d/sshd reload'. |
| 56 |
> * Please be aware users need a valid shell in /etc/passwd |
| 57 |
> * in order to be allowed to login. |
| 58 |
>>>> Auto-cleaning packages... |
| 59 |
> |
| 60 |
>>>> No outdated packages were found on your system. |
| 61 |
> |
| 62 |
> * GNU info directory index is up-to-date. |
| 63 |
> |
| 64 |
> The ssh-keyscan man page hasn't helped. |
| 65 |
> |
| 66 |
> As of now I can only log in from older systems. |
| 67 |
|
| 68 |
This would imply that your older (rsa/dsa) server keys still work. |
| 69 |
|
| 70 |
What have you changed on your Gentoo client? |
| 71 |
|
| 72 |
Have you tried using ssh user@host to login with? |
| 73 |
-- |
| 74 |
Regards, |
| 75 |
Mick |
Archives