X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type :content-transfer-encoding; q=dns; s=default; b=kro4AZSyNSeQLYB/ zgWYgwYfFm5H8Own0R6ufazE7+Dx0EVx5fFaTeRZDKMDkgk1C0Z2e8bLx+Sl4fhO Uo+j8JvVzxfHkx2v0xgK+tTaWfZzVC4M6M5lA9P2eXalbOi0qDM2fm6tbSllTOZg 4fKRk1TjCon2YHABLJjFJdJdin0= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type :content-transfer-encoding; s=default; bh=vn5T/KxI6mtWsNlt9inWRU cDx3s=; b=bRh5dH8lwxxmmqEhGl8VcVQTy7SXXC1Xm6phnZsLyXfuCRd4n5/AI4 IWvZEdcvWmnXJTa03uFFtlPP2BailybziPmNll8YzDXgZm4Ii6+7/ov9M4e9mPLR CEwLG1PK/9DZLQ5f71qaAhFmqXMXCeAIozB5zlnFby9UcjpED2nVk= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: Yes, score=5.5 required=5.0 tests=AWL,BAYES_50,BODY_8BITS,FREEMAIL_FROM,GARBLED_BODY,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2 X-HELO: mail-ob0-f175.google.com MIME-Version: 1.0 X-Received: by 10.182.60.230 with SMTP id k6mr25406712obr.83.1441259848241; Wed, 02 Sep 2015 22:57:28 -0700 (PDT) In-Reply-To: <833769153.20150903064857@yandex.ru> References: <779534835 DOT 20150902194715 AT yandex DOT ru> <833769153 DOT 20150903064857 AT yandex DOT ru> Date: Thu, 3 Sep 2015 14:57:28 +0900 Message-ID: Subject: Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package. From: Hiroyuki Kurokawa To: cygwin AT cygwin DOT com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id t835vhII022282 Hi Andrey, > This is not the right solution. Right solution would be to change your keys. > While DSA keys aren't inherently insecure (quite opposite), FIPS compliant > systems enforce DSA key length to 1024 bits, which is considered to be weak > nowadays. You CAN use longer DSA keys, but not all systems support it. I created a new 2048-bit RSA key and confirmed that ssh works fine with this key & latest OpenSSH package without PubkeyAcceptedKeyTypes configuration. Thanks, Hiroyuki Kurokawa 2015-09-03 12:48 GMT+09:00 Andrey Repin : > Greetings, Hiroyuki Kurokawa! > >> Thanks Andrey for reply to my question. > >> George gave me an advice by a direct mail. >> And his instruction solve my problem. > >>> If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter: >>> >>> PubkeyAcceptedKeyTypes +ssh-dss >>> >>> If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss. >>> >>> I had the same problem after the last ssh upgrade. > >> Now the latest ssh works fine with ~/.ssh/config which contains >> "PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA. > >> I appreciate George so much. > > This is not the right solution. Right solution would be to change your keys. > While DSA keys aren't inherently insecure (quite opposite), FIPS compliant > systems enforce DSA key length to 1024 bits, which is considered to be weak > nowadays. You CAN use longer DSA keys, but not all systems support it. > > > -- > With best regards, > Andrey Repin > Thursday, September 3, 2015 06:46:29 > > Sorry for my terrible english... > -- 黒川裕之 kurokawh AT gmail DOT com -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple