X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding
	:in-reply-to; q=dns; s=default; b=EeZ1UPdrN3f0VhlKJOM2IjxtRlAEiX
	HS/RHDSGCixyEHBpmOzttAGCCFBqZe/8EdjIeq+z/aLJUiIiuusCM64K0Vx9vKUQ
	ebFQQyI+nSW8eBjti+DweLtOWi6fhpP2Nv4CTxsfOJaZhUlsxJ1Ek0nbvpv4LT25
	1Zy3rMhTMmC+Q=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding
	:in-reply-to; s=default; bh=wUrHsBdQlt7KXJhL71rS/PQ9+9Y=; b=vOTK
	Gtleqjx7wolwXT/tk/WSO76ii9V1fZaKMA52fzW94YNePquMwdAqIWr5uqQtDjOH
	azyyFrqsW+7DRxtEFxuWRzoMhBBhls4VeF6yp1cVhBU3TObwzqnvGugMhyFdMy+o
	65CV3MmV6T0uKO8H26GCg41VkYpHQ+GgdxSN6Tw=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.9 required=5.0 tests=AWL,BAYES_50,FSL_HELO_BARE_IP_2,RCVD_IN_DNSWL_LOW,RCVD_NUMERIC_HELO,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD autolearn=no version=3.3.2
X-HELO: plane.gmane.org
To: cygwin AT cygwin DOT com
From: Andrew DeFaria <Andrew AT DeFaria DOT com>
Subject: Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.
Date: Tue, 8 Sep 2015 12:43:55 -0700
Lines: 31
Message-ID: <msndpq$j1o$1@ger.gmane.org>
References: <CABs5vS7UPWPps5ByU9L60z5PSszRNTkFAaQ+DK0e8HZNWDGXPQ AT mail DOT gmail DOT com> <779534835 DOT 20150902194715 AT yandex DOT ru> <CABs5vS4TxToA=5u5MysSg1+izeL2FepjKbQzkeqvOKxNyOdDUQ AT mail DOT gmail DOT com> <833769153 DOT 20150903064857 AT yandex DOT ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
In-Reply-To: <833769153.20150903064857@yandex.ru>
X-IsSubscribed: yes

On 09/02/2015 08:48 PM, Andrey Repin wrote:
> Greetings, Hiroyuki Kurokawa!
>
>> Thanks Andrey for reply to my question.
>
>> George gave me an advice by a direct mail.
>> And his instruction solve my problem.
>
>>> If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter:
>>>
>>> PubkeyAcceptedKeyTypes +ssh-dss
>>>
>>> If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss.
>>>
>>> I had the same problem after the last ssh upgrade.
>
>> Now the latest ssh works fine with ~/.ssh/config which contains
>> "PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA.
>
>> I appreciate George so much.
>
> This is not the right solution. Right solution would be to change your keys.
> While DSA keys aren't inherently insecure (quite opposite), FIPS compliant
> systems enforce DSA key length to 1024 bits, which is considered to be weak
> nowadays. You CAN use longer DSA keys, but not all systems support it.

Or perhaps use ecdsa? ssh-keygen -t ecdsa

-- 
<a href="http://defaria.com">Andrew DeFaria</a><br>
<a href="http://clearscm.com">ClearSCM, Inc.</a><br>


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple