Mail Archives: cygwin/2015/09/03/01:57:47

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2015/09/03/01:57:47

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:in-reply-to:references:date

:message-id:subject:from:to:content-type

:content-transfer-encoding; q=dns; s=default; b=kro4AZSyNSeQLYB/

zgWYgwYfFm5H8Own0R6ufazE7+Dx0EVx5fFaTeRZDKMDkgk1C0Z2e8bLx+Sl4fhO

Uo+j8JvVzxfHkx2v0xgK+tTaWfZzVC4M6M5lA9P2eXalbOi0qDM2fm6tbSllTOZg

4fKRk1TjCon2YHABLJjFJdJdin0=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:in-reply-to:references:date

:message-id:subject:from:to:content-type

:content-transfer-encoding; s=default; bh=vn5T/KxI6mtWsNlt9inWRU

cDx3s=; b=bRh5dH8lwxxmmqEhGl8VcVQTy7SXXC1Xm6phnZsLyXfuCRd4n5/AI4

IWvZEdcvWmnXJTa03uFFtlPP2BailybziPmNll8YzDXgZm4Ii6+7/ov9M4e9mPLR

CEwLG1PK/9DZLQ5f71qaAhFmqXMXCeAIozB5zlnFby9UcjpED2nVk=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: Yes, score=5.5 required=5.0 tests=AWL,BAYES_50,BODY_8BITS,FREEMAIL_FROM,GARBLED_BODY,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2

X-HELO: mail-ob0-f175.google.com

MIME-Version: 1.0

X-Received: by 10.182.60.230 with SMTP id k6mr25406712obr.83.1441259848241; Wed, 02 Sep 2015 22:57:28 -0700 (PDT)

In-Reply-To: <833769153.20150903064857@yandex.ru>

References: <CABs5vS7UPWPps5ByU9L60z5PSszRNTkFAaQ+DK0e8HZNWDGXPQ AT mail DOT gmail DOT com> <779534835 DOT 20150902194715 AT yandex DOT ru> <CABs5vS4TxToA=5u5MysSg1+izeL2FepjKbQzkeqvOKxNyOdDUQ AT mail DOT gmail DOT com> <833769153 DOT 20150903064857 AT yandex DOT ru>

Date: Thu, 3 Sep 2015 14:57:28 +0900

Message-ID: <CABs5vS5ipP2R1ZHM8=5RC4Gv7Bww+c3-_8ng9tUvd9AswXzgLA@mail.gmail.com>

Subject: Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.

From: Hiroyuki Kurokawa <kurokawh AT gmail DOT com>

To: cygwin AT cygwin DOT com

X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id t835vhII022282

Hi Andrey,

> This is not the right solution. Right solution would be to change your keys.
> While DSA keys aren't inherently insecure (quite opposite), FIPS compliant
> systems enforce DSA key length to 1024 bits, which is considered to be weak
> nowadays. You CAN use longer DSA keys, but not all systems support it.

I created a new 2048-bit RSA key and confirmed that ssh works fine with
this key & latest OpenSSH package without PubkeyAcceptedKeyTypes configuration.

Thanks,
Hiroyuki Kurokawa


2015-09-03 12:48 GMT+09:00 Andrey Repin <anrdaemon AT yandex DOT ru>:
> Greetings, Hiroyuki Kurokawa!
>
>> Thanks Andrey for reply to my question.
>
>> George gave me an advice by a direct mail.
>> And his instruction solve my problem.
>
>>> If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter:
>>>
>>> PubkeyAcceptedKeyTypes +ssh-dss
>>>
>>> If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss.
>>>
>>> I had the same problem after the last ssh upgrade.
>
>> Now the latest ssh works fine with ~/.ssh/config which contains
>> "PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA.
>
>> I appreciate George so much.
>
> This is not the right solution. Right solution would be to change your keys.
> While DSA keys aren't inherently insecure (quite opposite), FIPS compliant
> systems enforce DSA key length to 1024 bits, which is considered to be weak
> nowadays. You CAN use longer DSA keys, but not all systems support it.
>
>
> --
> With best regards,
> Andrey Repin
> Thursday, September 3, 2015 06:46:29
>
> Sorry for my terrible english...
>



-- 
é»’å·è£•ä¹‹
kurokawh AT gmail DOT com

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:content-type
	:content-transfer-encoding; q=dns; s=default; b=kro4AZSyNSeQLYB/
	zgWYgwYfFm5H8Own0R6ufazE7+Dx0EVx5fFaTeRZDKMDkgk1C0Z2e8bLx+Sl4fhO
	Uo+j8JvVzxfHkx2v0xgK+tTaWfZzVC4M6M5lA9P2eXalbOi0qDM2fm6tbSllTOZg
	4fKRk1TjCon2YHABLJjFJdJdin0=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:content-type
	:content-transfer-encoding; s=default; bh=vn5T/KxI6mtWsNlt9inWRU
	cDx3s=; b=bRh5dH8lwxxmmqEhGl8VcVQTy7SXXC1Xm6phnZsLyXfuCRd4n5/AI4
	IWvZEdcvWmnXJTa03uFFtlPP2BailybziPmNll8YzDXgZm4Ii6+7/ov9M4e9mPLR
	CEwLG1PK/9DZLQ5f71qaAhFmqXMXCeAIozB5zlnFby9UcjpED2nVk=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	Yes, score=5.5 required=5.0 tests=AWL,BAYES_50,BODY_8BITS,FREEMAIL_FROM,GARBLED_BODY,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2
X-HELO:	mail-ob0-f175.google.com
MIME-Version:	1.0
X-Received:	by 10.182.60.230 with SMTP id k6mr25406712obr.83.1441259848241; Wed, 02 Sep 2015 22:57:28 -0700 (PDT)
In-Reply-To:	<833769153.20150903064857@yandex.ru>
References:	<CABs5vS7UPWPps5ByU9L60z5PSszRNTkFAaQ+DK0e8HZNWDGXPQ AT mail DOT gmail DOT com> <779534835 DOT 20150902194715 AT yandex DOT ru> <CABs5vS4TxToA=5u5MysSg1+izeL2FepjKbQzkeqvOKxNyOdDUQ AT mail DOT gmail DOT com> <833769153 DOT 20150903064857 AT yandex DOT ru>
Date:	Thu, 3 Sep 2015 14:57:28 +0900
Message-ID:	<CABs5vS5ipP2R1ZHM8=5RC4Gv7Bww+c3-_8ng9tUvd9AswXzgLA@mail.gmail.com>
Subject:	Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.
From:	Hiroyuki Kurokawa <kurokawh AT gmail DOT com>
To:	cygwin AT cygwin DOT com
X-MIME-Autoconverted:	from quoted-printable to 8bit by delorie.com id t835vhII022282