XPost: uk.comp.os.linux   
   From: invalid@invalid.invalid   
      
   Java Jive writes:   
   > This is what the failure looks like from the server with maximum   
   > debugging options:   
   [...]   
      
   Server is OpenSSH 5.9p1:   
      
   > debug1: sshd version OpenSSH_5.9p1   
   > debug3: Incorrect RSA1 identifier   
      
   Server has (among others) an ECDSA host key.   
      
   Client is OpenSSH 8.9p1:   
      
   > debug1: Client protocol version 2.0; client software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.10   
      
   Server’s supported host key mechanisms:   
      
   > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp521 [preauth]   
      
   Client’s supported host key mechanisms:   
      
   > debug2: kex_parse_kexinit: ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256   
      
   ecdsa-sha2-nistp521 appears in both and the server has an ECDSA host   
   key, so host key verification is possible.   
      
   The public key authentication mechanisms aren’t logged but there is no   
   shared RSA mechanism - the server only has ssh-rsa (i.e. RSA with SHA-1)   
   while the client only has rsa-sha2-512 and rsa-sha2-256 (i.e. RSA with   
   SHA-512 or SHA-256).   
      
   Looking at the OpenSSH release notes:   
      
   * ssh-rsa was disabled in OpenSSH 8.7 because it’s broken;   
    your OpenSSH 8.9p1 client therefore has it disabled by default.   
   * rsa-sha2-256 and rsa-sha2-512 were added in OpenSSH 7.2;   
    your OpenSSH 5.9p1 client therefore cannot use them.   
      
   So my guess was basically right, although I’d got client and server the   
   wrong way round.   
      
   I think your options are:   
   * Upgrade the server to something from this decade; it should start   
    using one of the SHA2 mechanisms with your existing RSA keys.   
   * Create an ECDSA key on the client(s) and use that to authenticate to   
    the server.   
   * Re-enable ssh-rsa in the OpenSSH 8.9p1 client, if you don’t care about   
    security.   
      
   --   
   https://www.greenend.org.uk/rjk/   
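
Added example, not part of the original post: a small Python check that parses the two kex_parse_kexinit lines quoted above, picks the host key algorithm (simplified here to the first name on the client's list that the server also lists), and looks for a shared plain RSA signature algorithm. As in the post, the host key lists stand in for the public key authentication mechanisms, which are not logged; the function names and the joined-up sample lines are constructed for illustration.

```python
import re

# Constructed sample input: the two host key algorithm lines quoted in the
# post, with the client's wrapped line joined back together.
SERVER_LINE = "debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp521 [preauth]"
CLIENT_LINE = (
    "debug2: kex_parse_kexinit: "
    "ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp521,"
    "ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,"
    "ecdsa-sha2-nistp384-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,"
    "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,"
    "rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,"
    "ecdsa-sha2-nistp384,sk-ssh-ed25519@openssh.com,"
    "sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256"
)

# Plain RSA signature algorithm names and the hash each one uses.
RSA_SIG_HASH = {"ssh-rsa": "SHA-1", "rsa-sha2-256": "SHA-256", "rsa-sha2-512": "SHA-512"}

def parse_kexinit(line):
    """Return the comma-separated name-list from one kex_parse_kexinit line."""
    m = re.search(r"kex_parse_kexinit:\s*(\S+)", line)
    if m is None:
        raise ValueError("not a kex_parse_kexinit line: %r" % line)
    return m.group(1).split(",")

def negotiate(client, server):
    """First name on the client's list that the server also offers, else None."""
    offered = set(server)
    return next((name for name in client if name in offered), None)

def shared_rsa(client, server):
    """Plain RSA signature algorithms both sides list, in client order."""
    return [n for n in client if n in RSA_SIG_HASH and n in server]

if __name__ == "__main__":
    client, server = parse_kexinit(CLIENT_LINE), parse_kexinit(SERVER_LINE)
    print("host key algorithm:", negotiate(client, server))
    print("shared RSA signature algorithms:", shared_rsa(client, server) or "none")
    for name in server:
        if name in RSA_SIG_HASH:
            print("server offers", name, "->", RSA_SIG_HASH[name])
```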
      