Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.

Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.

[Hiroyuki Kurokawa]

Hi,

The ssh command keeps prompting "password:" repeatedly with the latest
OpenSSH package after I started ssh-agent and registered key with
ssh-add command.
Followings are my environment.

% uname -a
CYGWIN_NT-10.0 win8 2.2.1(0.289/5/3) 2015-08-20 11:42 x86_64 Cygwin
% ssh -V
OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015

If I install back the older OpenSSH package ("OpenSSH_6.9p1, OpenSSL
1.0.2d 9 Jul 2015"), then ssh prompt "password:" only once. Old
version works fine!
I confirmed that "OpenSSH_7.0p1, OpenSSL 1.0.2d 9 Jul 2015" has same
problem as "OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015".
And I can see same behavior on another machine which OS is windows7.

So, I believe the latest OpenSSH_7.1p1 & 7.0p1 have same problem.

If I miss anything, please let me know.

Best Regards,

-- 
Hiroyuki Kurokawa
kurokawh@gmail.com

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.

[Andrey Repin]

Greetings, Hiroyuki Kurokawa!

> Hi,

> The ssh command keeps prompting "password:" repeatedly with the latest
> OpenSSH package after I started ssh-agent and registered key with
> ssh-add command.
> Followings are my environment.

> % uname -a
> CYGWIN_NT-10.0 win8 2.2.1(0.289/5/3) 2015-08-20 11:42 x86_64 Cygwin
> % ssh -V
> OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015

> If I install back the older OpenSSH package ("OpenSSH_6.9p1, OpenSSL
> 1.0.2d 9 Jul 2015"), then ssh prompt "password:" only once. Old
> version works fine!
> I confirmed that "OpenSSH_7.0p1, OpenSSL 1.0.2d 9 Jul 2015" has same
> problem as "OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015".
> And I can see same behavior on another machine which OS is windows7.

> So, I believe the latest OpenSSH_7.1p1 & 7.0p1 have same problem.

> If I miss anything, please let me know.

You miss the -vvv log from both client and server.


-- 
With best regards,
Andrey Repin
Wednesday, September 2, 2015 19:46:55

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.

[Hiroyuki Kurokawa]

Hi,

Thanks Andrey for reply to my question.

George gave me an advice by a direct mail.
And his instruction solve my problem.

> If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter:
>
> PubkeyAcceptedKeyTypes +ssh-dss
>
> If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss.
>
> I had the same problem after the last ssh upgrade.

Now the latest ssh works fine with ~/.ssh/config which contains
"PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA.

I appreciate George so much.

Best Regards,
Hiroyuki Kurokawa

2015-09-03 1:47 GMT+09:00 Andrey Repin <anrdaemon@yandex.ru>:
> Greetings, Hiroyuki Kurokawa!
>
>> Hi,
>
>> The ssh command keeps prompting "password:" repeatedly with the latest
>> OpenSSH package after I started ssh-agent and registered key with
>> ssh-add command.
>> Followings are my environment.
>
>> % uname -a
>> CYGWIN_NT-10.0 win8 2.2.1(0.289/5/3) 2015-08-20 11:42 x86_64 Cygwin
>> % ssh -V
>> OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015
>
>> If I install back the older OpenSSH package ("OpenSSH_6.9p1, OpenSSL
>> 1.0.2d 9 Jul 2015"), then ssh prompt "password:" only once. Old
>> version works fine!
>> I confirmed that "OpenSSH_7.0p1, OpenSSL 1.0.2d 9 Jul 2015" has same
>> problem as "OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015".
>> And I can see same behavior on another machine which OS is windows7.
>
>> So, I believe the latest OpenSSH_7.1p1 & 7.0p1 have same problem.
>
>> If I miss anything, please let me know.
>
> You miss the -vvv log from both client and server.
>
>
> --
> With best regards,
> Andrey Repin
> Wednesday, September 2, 2015 19:46:55
>
> Sorry for my terrible english...
>



-- 
黒川裕之
kurokawh@gmail.com

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.

[Andrey Repin]

Greetings, Hiroyuki Kurokawa!

> Thanks Andrey for reply to my question.

> George gave me an advice by a direct mail.
> And his instruction solve my problem.

>> If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter:
>>
>> PubkeyAcceptedKeyTypes +ssh-dss
>>
>> If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss.
>>
>> I had the same problem after the last ssh upgrade.

> Now the latest ssh works fine with ~/.ssh/config which contains
> "PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA.

> I appreciate George so much.

This is not the right solution. Right solution would be to change your keys.
While DSA keys aren't inherently insecure (quite opposite), FIPS compliant
systems enforce DSA key length to 1024 bits, which is considered to be weak
nowadays. You CAN use longer DSA keys, but not all systems support it.


-- 
With best regards,
Andrey Repin
Thursday, September 3, 2015 06:46:29

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.

[Hiroyuki Kurokawa]

Hi Andrey,

> This is not the right solution. Right solution would be to change your keys.
> While DSA keys aren't inherently insecure (quite opposite), FIPS compliant
> systems enforce DSA key length to 1024 bits, which is considered to be weak
> nowadays. You CAN use longer DSA keys, but not all systems support it.

I created a new 2048-bit RSA key and confirmed that ssh works fine with
this key & latest OpenSSH package without PubkeyAcceptedKeyTypes configuration.

Thanks,
Hiroyuki Kurokawa


2015-09-03 12:48 GMT+09:00 Andrey Repin <anrdaemon@yandex.ru>:
> Greetings, Hiroyuki Kurokawa!
>
>> Thanks Andrey for reply to my question.
>
>> George gave me an advice by a direct mail.
>> And his instruction solve my problem.
>
>>> If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter:
>>>
>>> PubkeyAcceptedKeyTypes +ssh-dss
>>>
>>> If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss.
>>>
>>> I had the same problem after the last ssh upgrade.
>
>> Now the latest ssh works fine with ~/.ssh/config which contains
>> "PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA.
>
>> I appreciate George so much.
>
> This is not the right solution. Right solution would be to change your keys.
> While DSA keys aren't inherently insecure (quite opposite), FIPS compliant
> systems enforce DSA key length to 1024 bits, which is considered to be weak
> nowadays. You CAN use longer DSA keys, but not all systems support it.
>
>
> --
> With best regards,
> Andrey Repin
> Thursday, September 3, 2015 06:46:29
>
> Sorry for my terrible english...
>



-- 
黒川裕之
kurokawh@gmail.com

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.

[Andrew DeFaria]

On 09/02/2015 08:48 PM, Andrey Repin wrote:
> Greetings, Hiroyuki Kurokawa!
>
>> Thanks Andrey for reply to my question.
>
>> George gave me an advice by a direct mail.
>> And his instruction solve my problem.
>
>>> If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter:
>>>
>>> PubkeyAcceptedKeyTypes +ssh-dss
>>>
>>> If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss.
>>>
>>> I had the same problem after the last ssh upgrade.
>
>> Now the latest ssh works fine with ~/.ssh/config which contains
>> "PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA.
>
>> I appreciate George so much.
>
> This is not the right solution. Right solution would be to change your keys.
> While DSA keys aren't inherently insecure (quite opposite), FIPS compliant
> systems enforce DSA key length to 1024 bits, which is considered to be weak
> nowadays. You CAN use longer DSA keys, but not all systems support it.

Or perhaps use ecdsa? ssh-keygen -t ecdsa

-- 
<a href="http://defaria.com">Andrew DeFaria</a><br>
<a href="http://clearscm.com">ClearSCM, Inc.</a><br>


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple