Tagged: 

Viewing 6 reply threads
  • Author
    Posts
    • #1221 Reply
      Dan
      Guest

      ————————————————————-
      Thank you for installing packages from https://deb.myguard.nl
      You just installed openssh-server.
      Please review the configs in /etc/ssh/sshd_config.d/
      ————————————————————-
      Potentially-incompatible changes
      ================================
      Release 8.8p1 disables RSA signatures using the SHA-1 hash
      algorithm by default. This change has been made as the SHA-1
      hash algorithm is cryptographically broken. For most users,
      this change should be invisible and there is no need to
      replace ssh-rsa keys.

      If you need to connect with such a signature, you can add
      “PubkeyAcceptedAlgorithms +ssh-rsa” to your config.

      We recommend enabling RSA/SHA1 only as a stopgap measure until
      legacy implementations can be upgraded or reconfigured with
      another key type (such as ECDSA or Ed25519).
      ————————————————————–

      How to specifically overcome this issue?
      Every time I update my Ubuntu server using your repo, not the ppa from ubuntu… I got this notice.
      And I cannot login anymore.

      Using MacOS, Termius and Core Shell.

    • #1222 Reply
      Avatar of thijs eilanderThijs Eilander
      Keymaster

      If it is possible create a new ssh key without rsa/rsa1, it’s unsafe to use.
      Or add PubkeyAcceptedAlgorithms +ssh-rsa and don’t overwrite the config on upgrade

      I see debian has a recent 9.0 package in bookwork/sid, I’ll import that one soon and see how they handle this problem.

    • #1224 Reply
      Dan
      Guest

      So I just choose the default selection, thanks!
      Let me try

      imgur.com/JiUksjv

    • #1225 Reply
      Dan
      Guest

      And also added:
      PubkeyAcceptedAlgorithms +ssh-rsa

      to /etc/ssh/sshd_config

    • #1226 Reply
      Dan
      Guest

      Just an update, I’m still unable to connect.
      Just using root user and password, not a key file.

    • #1230 Reply
      Avatar of thijs eilanderThijs Eilander
      Keymaster

      Sorry, I didnt receive notifications about this thread.

      If you want to login as root, you need to change /etc/ssh/sshd_config.d/20-security.conf

    • #1231 Reply
      Avatar of thijs eilanderThijs Eilander
      Keymaster

      I just imported openssh 9.0p1 from debian, so there will be a new build soon.

Viewing 6 reply threads
Reply To: Release 8.8p1 disables RSA signatures using the SHA-1 hash algorithm by default
Your information: