X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=yi+nQX4YtCoVsfFa
	bj8qCb16QE/5L6vzLqCVx7Xc3uaAMEQddU3VbEKtiUOugHAiiGCKxBXJBwcTcM10
	gS1oxGc4tANLCHDtwlH49Goaha9UaBQmP2AP8WKimtEc1DXCFyeY2Znj35ObCBHP
	JAi5mRnVmlHnjO4Ahg15/S0Jc5k=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=4bHsmhC2/43XLlt4fq+jM5
	4nGWc=; b=oZ1vhkYZDrhzQtnNwNmdO+uyr3IKA6c4zuAArYoJeYKViGpFTt+H0h
	cQ8qQjC81G6Um+5VKKUqCkUNRcn/jRQ54sSyudTG5M2TPPYjlvX0y8apuU7Ik8D6
	+dXUdbjQgrIs5HHOLx2E0fG0IePxgkQuM7vV0GaerbyBKSOB7HVFE=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: Yes, score=5.5 required=5.0 tests=AWL,BAYES_99,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2
X-HELO: smtp.ht-systems.ru
Date: Thu, 3 Sep 2015 06:48:57 +0300
From: Andrey Repin <anrdaemon@yandex.ru>
Reply-To: cygwin@cygwin.com
Message-ID: <833769153.20150903064857@yandex.ru>
To: Hiroyuki Kurokawa <kurokawh@gmail.com>, cygwin@cygwin.com
Subject: Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.
In-Reply-To: <CABs5vS4TxToA=5u5MysSg1+izeL2FepjKbQzkeqvOKxNyOdDUQ@mail.gmail.com>
References: <CABs5vS7UPWPps5ByU9L60z5PSszRNTkFAaQ+DK0e8HZNWDGXPQ@mail.gmail.com>   <779534835.20150902194715@yandex.ru>  <CABs5vS4TxToA=5u5MysSg1+izeL2FepjKbQzkeqvOKxNyOdDUQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Greetings, Hiroyuki Kurokawa!

> Thanks Andrey for reply to my question.

> George gave me an advice by a direct mail.
> And his instruction solve my problem.

>> If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter:
>>
>> PubkeyAcceptedKeyTypes +ssh-dss
>>
>> If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss.
>>
>> I had the same problem after the last ssh upgrade.

> Now the latest ssh works fine with ~/.ssh/config which contains
> "PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA.

> I appreciate George so much.

This is not the right solution. Right solution would be to change your keys.
While DSA keys aren't inherently insecure (quite opposite), FIPS compliant
systems enforce DSA key length to 1024 bits, which is considered to be weak
nowadays. You CAN use longer DSA keys, but not all systems support it.


-- 
With best regards,
Andrey Repin
Thursday, September 3, 2015 06:46:29

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple