From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 67744 invoked by alias); 8 Sep 2015 19:44:23 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 67673 invoked by uid 89); 8 Sep 2015 19:44:23 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.9 required=5.0 tests=AWL,BAYES_50,FSL_HELO_BARE_IP_2,RCVD_IN_DNSWL_LOW,RCVD_NUMERIC_HELO,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD autolearn=no version=3.3.2 X-HELO: plane.gmane.org Received: from plane.gmane.org (HELO plane.gmane.org) (80.91.229.3) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA encrypted) ESMTPS; Tue, 08 Sep 2015 19:44:21 +0000 Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1ZZOoG-0008Ar-T0 for cygwin@cygwin.com; Tue, 08 Sep 2015 21:44:05 +0200 Received: from 209.237.53.3 ([209.237.53.3]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 08 Sep 2015 21:44:04 +0200 Received: from Andrew by 209.237.53.3 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 08 Sep 2015 21:44:04 +0200 To: cygwin@cygwin.com From: Andrew DeFaria Subject: Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package. Date: Tue, 08 Sep 2015 19:44:00 -0000 Message-ID: References: <779534835.20150902194715@yandex.ru> <833769153.20150903064857@yandex.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 In-Reply-To: <833769153.20150903064857@yandex.ru> X-IsSubscribed: yes X-SW-Source: 2015-09/txt/msg00129.txt.bz2 On 09/02/2015 08:48 PM, Andrey Repin wrote: > Greetings, Hiroyuki Kurokawa! > >> Thanks Andrey for reply to my question. > >> George gave me an advice by a direct mail. >> And his instruction solve my problem. > >>> If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter: >>> >>> PubkeyAcceptedKeyTypes +ssh-dss >>> >>> If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss. >>> >>> I had the same problem after the last ssh upgrade. > >> Now the latest ssh works fine with ~/.ssh/config which contains >> "PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA. > >> I appreciate George so much. > > This is not the right solution. Right solution would be to change your keys. > While DSA keys aren't inherently insecure (quite opposite), FIPS compliant > systems enforce DSA key length to 1024 bits, which is considered to be weak > nowadays. You CAN use longer DSA keys, but not all systems support it. Or perhaps use ecdsa? ssh-keygen -t ecdsa -- Andrew DeFaria
ClearSCM, Inc.
-- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple