From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 101372 invoked by alias); 3 Sep 2015 03:50:16 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 101323 invoked by uid 89); 3 Sep 2015 03:50:11 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: Yes, score=5.5 required=5.0 tests=AWL,BAYES_99,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2 X-HELO: smtp.ht-systems.ru Received: from smtp.ht-systems.ru (HELO smtp.ht-systems.ru) (78.110.50.177) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Thu, 03 Sep 2015 03:50:09 +0000 Received: from [95.165.144.62] (helo=darkdragon.lan) by smtp.ht-systems.ru with esmtpa (Exim 4.80.1) (envelope-from ) (Authenticated sender: postmaster@rootdir.org) id 1ZXLXH-0005Dt-2m ; Thu, 03 Sep 2015 06:50:03 +0300 Received: from [192.168.1.10] (HELO daemon2.darkdragon.lan) by daemon2 (Office Mail Server 0.8.12 build 08053101) with SMTP; Thu, 03 Sep 2015 03:48:57 -0000 Date: Thu, 03 Sep 2015 03:50:00 -0000 From: Andrey Repin Reply-To: cygwin@cygwin.com Message-ID: <833769153.20150903064857@yandex.ru> To: Hiroyuki Kurokawa , cygwin@cygwin.com Subject: Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package. In-Reply-To: References: <779534835.20150902194715@yandex.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2015-09/txt/msg00044.txt.bz2 Greetings, Hiroyuki Kurokawa! > Thanks Andrey for reply to my question. > George gave me an advice by a direct mail. > And his instruction solve my problem. >> If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter: >> >> PubkeyAcceptedKeyTypes +ssh-dss >> >> If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss. >> >> I had the same problem after the last ssh upgrade. > Now the latest ssh works fine with ~/.ssh/config which contains > "PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA. > I appreciate George so much. This is not the right solution. Right solution would be to change your keys. While DSA keys aren't inherently insecure (quite opposite), FIPS compliant systems enforce DSA key length to 1024 bits, which is considered to be weak nowadays. You CAN use longer DSA keys, but not all systems support it. -- With best regards, Andrey Repin Thursday, September 3, 2015 06:46:29 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple