    • #1221 Reply
      Dan
      Guest

      ————————————————————-
      Thank you for installing packages from https://deb.myguard.nl
      You just installed openssh-server.
      Please review the configs in /etc/ssh/sshd_config.d/
      ————————————————————-
      Potentially-incompatible changes
      ================================
      Release 8.8p1 disables RSA signatures using the SHA-1 hash
      algorithm by default. This change has been made as the SHA-1
      hash algorithm is cryptographically broken. For most users,
      this change should be invisible and there is no need to
      replace ssh-rsa keys.

      If you need to connect with such a signature, you can add
      “PubkeyAcceptedAlgorithms +ssh-rsa” to your config.

      We recommend enabling RSA/SHA1 only as a stopgap measure until
      legacy implementations can be upgraded or reconfigured with
      another key type (such as ECDSA or Ed25519).
      ————————————————————–

      How to specifically overcome this issue?
      Every time I update my Ubuntu server using your repo, not the PPA from Ubuntu… I get this notice.
      And I cannot log in anymore.

      Using macOS, Termius and Core Shell.

    • #1222 Reply
      Thijs Eilander
      Keymaster

      If it is possible, create a new SSH key without rsa/rsa1; it’s unsafe to use.
      Or add PubkeyAcceptedAlgorithms +ssh-rsa and don’t overwrite the config on upgrade.

      I see Debian has a recent 9.0 package in bookworm/sid, I’ll import that one soon and see how they handle this problem.

    • #1224 Reply
      Dan
      Guest

      So I just choose the default selection, thanks!
      Let me try

      imgur.com/JiUksjv

    • #1225 Reply
      Dan
      Guest

      And also added:
      PubkeyAcceptedAlgorithms +ssh-rsa

      to /etc/ssh/sshd_config

    • #1226 Reply
      Dan
      Guest

      Just an update, I’m still unable to connect.
      Just using root user and password, not a key file.

    • #1230 Reply
      Thijs Eilander
      Keymaster

      Sorry, I didn’t receive notifications about this thread.

      If you want to log in as root, you need to change /etc/ssh/sshd_config.d/20-security.conf
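
Added example, not part of the thread or of the package: sshd keeps the first value it reads for each keyword, so a drop-in pulled in by an `Include` line at the top of sshd_config overrides a duplicate keyword set later in the main file. The file contents below are constructed, including what 20-security.conf contains; the sketch assumes the Include line comes first and that there are no Match blocks.

```python
import fnmatch

# Constructed sample files (assumed contents, not the package's real configs).
FILES = {
    "/etc/ssh/sshd_config": (
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "PermitRootLogin yes\n"
        "PubkeyAcceptedAlgorithms +ssh-rsa\n"
    ),
    "/etc/ssh/sshd_config.d/20-security.conf": (
        "# hypothetical hardening drop-in\n"
        "PermitRootLogin prohibit-password\n"
        "PasswordAuthentication no\n"
    ),
}


def effective(path, files, seen=None):
    """Return {keyword: (value, source_file)} using the first-value-wins rule."""
    seen = {} if seen is None else seen
    for raw in files[path].splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "include":
            # Included files are read in place, in lexical order.
            for inc in sorted(p for p in files if fnmatch.fnmatch(p, value)):
                effective(inc, files, seen)
        else:
            seen.setdefault(key, (value, path))  # later duplicates are ignored
    return seen


def report(files=FILES):
    """Resolve the effective settings starting from the main config file."""
    return effective("/etc/ssh/sshd_config", files)


if __name__ == "__main__":
    for key, (value, src) in sorted(report().items()):
        print(f"{key:28} {value:20} <- {src}")
```

On a real server, `sshd -T` (run as root) prints the effective configuration and is the authoritative check.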

    • #1231 Reply
      Thijs Eilander
      Keymaster

      I just imported openssh 9.0p1 from debian, so there will be a new build soon.

    • #1223 Reply
      Dan
      Guest

      So I should use the default selection:
      https://imgur.com/JiUksjv

      Thanks, let me try.

Reply To: Release 8.8p1 disables RSA signatures using the SHA-1 hash algorithm by default