X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding
	:in-reply-to; q=dns; s=default; b=EeZ1UPdrN3f0VhlKJOM2IjxtRlAEiX
	HS/RHDSGCixyEHBpmOzttAGCCFBqZe/8EdjIeq+z/aLJUiIiuusCM64K0Vx9vKUQ
	ebFQQyI+nSW8eBjti+DweLtOWi6fhpP2Nv4CTxsfOJaZhUlsxJ1Ek0nbvpv4LT25
	1Zy3rMhTMmC+Q=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding
	:in-reply-to; s=default; bh=wUrHsBdQlt7KXJhL71rS/PQ9+9Y=; b=vOTK
	Gtleqjx7wolwXT/tk/WSO76ii9V1fZaKMA52fzW94YNePquMwdAqIWr5uqQtDjOH
	azyyFrqsW+7DRxtEFxuWRzoMhBBhls4VeF6yp1cVhBU3TObwzqnvGugMhyFdMy+o
	65CV3MmV6T0uKO8H26GCg41VkYpHQ+GgdxSN6Tw=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=1.9 required=5.0 tests=AWL,BAYES_50,FSL_HELO_BARE_IP_2,RCVD_IN_DNSWL_LOW,RCVD_NUMERIC_HELO,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD autolearn=no version=3.3.2
X-HELO:	plane.gmane.org
To:	cygwin AT cygwin DOT com
From:	Andrew DeFaria <Andrew AT DeFaria DOT com>
Subject:	Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.
Date:	Tue, 8 Sep 2015 12:43:55 -0700
Lines:	31
Message-ID:	<msndpq$j1o$1@ger.gmane.org>
References:	<CABs5vS7UPWPps5ByU9L60z5PSszRNTkFAaQ+DK0e8HZNWDGXPQ AT mail DOT gmail DOT com> <779534835 DOT 20150902194715 AT yandex DOT ru> <CABs5vS4TxToA=5u5MysSg1+izeL2FepjKbQzkeqvOKxNyOdDUQ AT mail DOT gmail DOT com> <833769153 DOT 20150903064857 AT yandex DOT ru>
Mime-Version:	1.0
User-Agent:	Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
In-Reply-To:	<833769153.20150903064857@yandex.ru>
X-IsSubscribed:	yes

On 09/02/2015 08:48 PM, Andrey Repin wrote:
> Greetings, Hiroyuki Kurokawa!
>
>> Thanks Andrey for reply to my question.
>
>> George gave me an advice by a direct mail.
>> And his instruction solve my problem.
>
>>> If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter:
>>>
>>> PubkeyAcceptedKeyTypes +ssh-dss
>>>
>>> If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss.
>>>
>>> I had the same problem after the last ssh upgrade.
>
>> Now the latest ssh works fine with ~/.ssh/config which contains
>> "PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA.
>
>> I appreciate George so much.
>
> This is not the right solution. Right solution would be to change your keys.
> While DSA keys aren't inherently insecure (quite opposite), FIPS compliant
> systems enforce DSA key length to 1024 bits, which is considered to be weak
> nowadays. You CAN use longer DSA keys, but not all systems support it.

Or perhaps use ecdsa? ssh-keygen -t ecdsa

-- 
<a href="http://defaria.com">Andrew DeFaria</a><br>
<a href="http://clearscm.com">ClearSCM, Inc.</a><br>


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -