From: Hiroyuki Kurokawa
To: cygwin@cygwin.com
Date: Thu, 03 Sep 2015 05:57:00 -0000
Subject: Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.

Hi Andrey,

> This is not the right solution. The right solution would be to change your keys.
> While DSA keys aren't inherently insecure (quite the opposite), FIPS-compliant
> systems enforce DSA key length to 1024 bits, which is considered to be weak
> nowadays. You CAN use longer DSA keys, but not all systems support it.

I created a new 2048-bit RSA key and confirmed that ssh works fine with
this key and the latest OpenSSH package without the PubkeyAcceptedKeyTypes
configuration.

Thanks,
Hiroyuki Kurokawa

2015-09-03 12:48 GMT+09:00 Andrey Repin:
> Greetings, Hiroyuki Kurokawa!
>
>> Thanks, Andrey, for the reply to my question.
>
>> George gave me advice by direct mail.
>> And his instruction solved my problem.
>
>>> If you use the dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter:
>>>
>>> PubkeyAcceptedKeyTypes +ssh-dss
>>>
>>> If you use some other key type, then 'ssh -Q key' will list all supported key types; pick the right one and put it into the config file instead of ssh-dss.
>>>
>>> I had the same problem after the last ssh upgrade.
>
>> Now the latest ssh works fine with ~/.ssh/config which contains
>> "PubkeyAcceptedKeyTypes +ssh-dss" because the type of my key is DSA.
>
>> I appreciate George so much.
>
> This is not the right solution. The right solution would be to change your keys.
> While DSA keys aren't inherently insecure (quite the opposite), FIPS-compliant
> systems enforce DSA key length to 1024 bits, which is considered to be weak
> nowadays. You CAN use longer DSA keys, but not all systems support it.
>
>
> --
> With best regards,
> Andrey Repin
> Thursday, September 3, 2015 06:46:29
>
> Sorry for my terrible English...
>

-- 
黒川裕之
kurokawh@gmail.com
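
The key-type question in this thread can be checked without connecting anywhere. The following is an added example, not code from the thread or from OpenSSH: it parses public-key lines in the `id_*.pub` format and reports the key type and size, flagging `ssh-dss` keys and short RSA keys. The function names, the 2048-bit threshold and the sample lines are assumptions; the samples are constructed and are not usable keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumption: the size the poster moved to; adjust to your policy

def _read_string(blob, off):
    """Read one length-prefixed field (RFC 4253 string/mpint) -> (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def audit_pubkey(line):
    """Return (key_type, bits, verdict) for one line of an id_*.pub file."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    raw_type, off = _read_string(blob, 0)
    ktype = raw_type.decode("ascii")
    if ktype != declared:
        raise ValueError("declared type does not match key blob")
    if ktype == "ssh-dss":                      # blob fields: p, q, g, y
        p, _ = _read_string(blob, off)
        bits = int.from_bytes(p, "big").bit_length()
        return ktype, bits, "replace (DSA; only works with PubkeyAcceptedKeyTypes +ssh-dss)"
    if ktype == "ssh-rsa":                      # blob fields: e, n
        _, off = _read_string(blob, off)
        n, _ = _read_string(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
        return ktype, bits, "ok" if bits >= MIN_RSA_BITS else "replace (RSA modulus too short)"
    return ktype, None, "not checked by this example"

def constructed_line(ktype, *ints):
    """Build a structurally valid but unusable sample line (constructed, not a real key)."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(ktype.encode()) + b"".join(
        field(i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in ints)
    return f"{ktype} {base64.b64encode(blob).decode()} constructed@example.invalid"

SAMPLES = [
    constructed_line("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3),
    constructed_line("ssh-rsa", 65537, (1 << 1023) | 1),
    constructed_line("ssh-rsa", 65537, (1 << 2047) | 1),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_pubkey(sample))
```

Lines from `authorized_keys` that begin with options (such as `command=...`) are outside what this example parses.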