1 |
On 11/14/2015 04:11 AM, Mick wrote: |
2 |
[snip] |
3 |
> |
4 |
> Since openssh-7.0 DSS keys are disabled and about time too! |
5 |
> |
6 |
> ========================================================== |
7 |
> if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 |
8 |
> elog "Starting with openssh-7.0, support for ssh-dss keys were |
9 |
> disabled due to their" |
10 |
> elog "weak sizes. If you rely on these key types, you can re-enable |
11 |
> the key types by" |
12 |
> elog "adding to your sshd_config:" |
13 |
> elog " PubkeyAcceptedKeyTypes=+ssh-dss" |
14 |
> elog "You should however generate new keys using rsa or ed25519." |
15 |
> fi |
16 |
> ========================================================== |
17 |
> |
18 |
> |
19 |
> Also SHA1 hashes are disabled and you will get errors like these when you try |
20 |
> to login to a server which is still using deprecated ciphers: |
21 |
> |
22 |
> Unable to negotiate with XXX.XX.XXX.X: no matching host key type found. Their |
23 |
> offer: ssh-dss |
24 |
> |
25 |
> Unable to negotiate with XXX.XX.XXX.X: no matching key exchange method found. |
26 |
> Their offer: diffie-hellman-group1-sha1 |
27 |
> |
28 |
> If this is within your LAN and therefore relatively protected, you could |
29 |
> specify deprecated ciphers and hashes like so: |
30 |
> |
31 |
> ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-dss |
32 |
> my_user@××××××.XXX.X |
33 |
> |
34 |
> |
35 |
> Alternatively, after you create a strong prime: |
36 |
> |
37 |
> ssh-keygen -t rsa -b 4096 |
38 |
> |
39 |
> |
40 |
> or probably better to use ed25519: |
41 |
> |
42 |
> ssh-keygen -t ed25519 |
43 |
> |
44 |
> HTH. |
45 |
|
46 |
The only software that uses ssh-dss key and I need is nxserver. |
47 |
|
48 |
I just added a line to my: sshd_config |
49 |
PubkeyAcceptedKeyTypes=+ssh-dss |
50 |
|
51 |
restarted "sshd and nxserver" but I nxserver still doesn't work, |
52 |
running: nxsetup --test (I get): |
53 |
|
54 |
----> Testing your nxserver connection ... |
55 |
Permission denied (publickey,password,keyboard-interactive). |
56 |
Fatal error: Could not connect to NX Server. |
57 |
|
58 |
-- |
59 |
Thelma |