Tagged: openssh
- This topic has 10 replies, 1 voice, and was last updated 5 months, 3 weeks ago by Thijs Eilander.
-
Dan (Guest)
————————————————————-
Thank you for installing packages from https://deb.myguard.nl
You just installed openssh-server.
Please review the configs in /etc/ssh/sshd_config.d/
————————————————————-
Potentially-incompatible changes
================================
Release 8.8p1 disables RSA signatures using the SHA-1 hash
algorithm by default. This change has been made as the SHA-1
hash algorithm is cryptographically broken. For most users,
this change should be invisible and there is no need to
replace ssh-rsa keys.

If you need to connect with such a signature, you can add
“PubkeyAcceptedAlgorithms +ssh-rsa” to your config.

We recommend enabling RSA/SHA1 only as a stopgap measure until
legacy implementations can be upgraded or reconfigured with
another key type (such as ECDSA or Ed25519).
————————————————————–

How to specifically overcome this issue?
Every time I update my Ubuntu server using your repo, not the ppa from ubuntu… I got this notice.
And I cannot login anymore.

Using MacOS, Termius and Core Shell.
-
Thijs Eilander (Keymaster)
If it is possible, create a new ssh key without rsa/rsa1; it’s unsafe to use.
Or add PubkeyAcceptedAlgorithms +ssh-rsa and don’t overwrite the config on upgrade.

I see debian has a recent 9.0 package in bookworm/sid, I’ll import that one soon and see how they handle this problem.
-
Dan (Guest)
So I just choose the default selection, thanks!
Let me try

imgur.com/JiUksjv
-
Dan (Guest)
And also added:
PubkeyAcceptedAlgorithms +ssh-rsa
to /etc/ssh/sshd_config
-
Dan (Guest)
Just an update, I’m still unable to connect.
Just using root user and password, not a key file.
-
Thijs Eilander (Keymaster)
Sorry, I didn’t receive notifications about this thread.
If you want to login as root, you need to change /etc/ssh/sshd_config.d/20-security.conf
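
[Added example, not part of the thread or of the repository's own code.] sshd uses the first value it obtains for each keyword, so a setting placed in /etc/ssh/sshd_config after the `Include` of sshd_config.d is ignored when a drop-in has already set it. The sketch below resolves that order over constructed sample files; the `Include` position and the contents of 20-security.conf are assumptions.

```python
import fnmatch

# Constructed sample files; the real contents of the package's drop-ins are not
# shown in the thread, so these values are assumptions.
FILES = {
    "/etc/ssh/sshd_config": (
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "PermitRootLogin yes\n"
        "PubkeyAcceptedAlgorithms +ssh-rsa\n"
    ),
    "/etc/ssh/sshd_config.d/20-security.conf": (
        "# hypothetical hardening drop-in\n"
        "PermitRootLogin no\n"
        "PasswordAuthentication no\n"
    ),
}


def walk(path, files):
    """Yield (keyword, value, 'file:line') in the order sshd reads them."""
    for n, raw in enumerate(files[path].splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # conditional Match blocks are not evaluated here
        if key == "include":
            for pattern in value.split():
                if not pattern.startswith("/"):
                    pattern = "/etc/ssh/" + pattern  # relative to /etc/ssh
                for inc in sorted(f for f in files if fnmatch.fnmatch(f, pattern)):
                    yield from walk(inc, files)
        else:
            yield key, value, f"{path}:{n}"


def effective(files, main="/etc/ssh/sshd_config"):
    """Map keyword -> (value, source, shadowed); the first value obtained wins.
    Keywords that may repeat (Port, ListenAddress, HostKey) are not special-cased."""
    result = {}
    for key, value, src in walk(main, files):
        if key in result:
            result[key][2].append(f"{src} ({value})")  # later value is ignored
        else:
            result[key] = (value, src, [])
    return result
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.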
-
Thijs Eilander (Keymaster)
I just imported openssh 9.0p1 from debian, so there will be a new build soon.
-
Dan (Guest)
So I should use the default selection:
[img]https://i.imgur.com/JiUksjv.png[/img]
Thanks, let me try.
-
Thijs Eilander (Keymaster)
I discontinue the building of OpenSSH; it does not really fit the scope of my project, as I don’t need anything changed from the stock OpenSSH. And for a while now it hasn’t played nice with systemd. It’s a load of work to maintain openssh while I don’t need changes.
-
Dan (Guest)
Hi,
I can still see it’s still included in your edge repo:
http://edge.deb.myguard.nl:8888
-
Thijs Eilander (Keymaster)
Thanks for reminding ;-) I was about to trash that repo completely but instead I got to use it for testing again.
I’ll take a look at it later
-