[MacPorts] #70319: openssh @9.8p1 broke some key types
MacPorts
noreply at macports.org
Wed Jul 17 21:42:17 UTC 2024
#70319: openssh @9.8p1 broke some key types
------------------------+----------------------
Reporter: fhgwright | Owner: artkiver
Type: defect | Status: assigned
Priority: Normal | Milestone:
Component: ports | Version: 2.9.3
Resolution: | Keywords:
Port: openssh |
------------------------+----------------------
Comment (by drosehn):
Replying to [comment:23 danielluke]:
> Replying to [comment:22 drosehn]:
> > Also, the feature I'm using is the one which was deprecated in 2021
> > (during Covid) in `OpenSSH 8.8/8.8p1 (2021-09-26)`, not back in 2015. In
> > 2021 and 2022 I had several more important issues to worry about than an
> > option in `.ssh/config` (including issues that I'm not going to describe
> > here).
>
> 7.0 disabled dsa (2015) 8.8 disabled ssh-rsa using sha-1 signatures
> (2021), 7.2 (2016) upgrades rsa keys on a host to use newer signatures.
> The current release disables dsa keys deprecated in 2015.

Ah. I see that I have misunderstood what is going on. I have several
entries in my config file which match the initial post in this ticket,
which is to say that the entry in `config` includes the line:

`HostKeyAlgorithms +ssh-rsa,ssh-dss`

Thus I get the same error message that's in the original entry for this
ticket:

`line 25: Bad key types '+ssh-rsa,ssh-dss'.`

Based on the word "types", I assumed that **both** of those key types were
invalid. None of the servers I connect to actually depend on `ssh-dss`,
so people might wonder why I specified both in the config file entries.
That's because the error which comes back when I try to connect to those
servers is:

`Unable to negotiate with <ip_addr>: no matching host key type found. Their offer: ssh-rsa,ssh-dss`

So I just copy&pasted that into the entries in `config`. As long as
`ssh-rsa` is available, I don't actually **need** `ssh-dss` for anything. And
I have just confirmed that I can connect to all these servers once I
remove the request for type `ssh-dss`. So it looks like the only problem
for me is that I was specifying an option I didn't actually need. Maybe
there are other people who have followed the same path I did.
--
Ticket URL: <https://trac.macports.org/ticket/70319#comment:24>
MacPorts <https://www.macports.org/>
Ports system for macOS
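
Added example, not part of the ticket comment or of MacPorts/OpenSSH: a shell check that reports which name in a `HostKeyAlgorithms` line the local ssh no longer knows, since one unknown name makes ssh reject the whole list. The function names, file paths and sample data are constructed; it assumes that in real use the supported list comes from `ssh -Q HostKeyAlgorithms`.

```shell
#!/bin/sh
# find_unsupported_algs CONFIG SUPPORTED
#   CONFIG:    ssh_config-style file to audit
#   SUPPORTED: file with one supported algorithm name per line
#              (assumption: produced by `ssh -Q HostKeyAlgorithms`)
# Prints "line N: HostKeyAlgorithms NAME" for each listed name that is
# missing from SUPPORTED. Wildcard patterns are skipped, not expanded.
find_unsupported_algs() {
    # An empty list would silently flag nothing, so refuse it.
    [ -s "$2" ] || { echo "empty supported list: $2" >&2; return 2; }
    awk '
        NR == FNR { ok[$1] = 1; next }      # first file: supported names
        {
            line = $0
            sub(/#.*/, "", line)            # drop comments
            sub(/^[ \t]+/, "", line)        # drop indentation
            n = split(line, f, /[ \t=]+/)   # keyword, then its argument
            if (n < 2 || tolower(f[1]) != "hostkeyalgorithms") next
            list = f[2]
            sub(/^[-+^]/, "", list)         # strip append/remove/front marker
            m = split(list, a, ",")
            for (i = 1; i <= m; i++) {
                if (a[i] == "" || a[i] ~ /[*?]/) continue
                if (!(a[i] in ok))
                    printf "line %d: %s %s\n", FNR, f[1], a[i]
            }
        }
    ' "$2" "$1"
}

# Constructed sample: a config like the one in the ticket, and a supported
# list resembling a build without DSA.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/config" <<'EOF'
Host legacy-box
    HostName 192.0.2.10
    HostKeyAlgorithms +ssh-rsa,ssh-dss
Host modern-box
    HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
EOF
    printf '%s\n' ssh-ed25519 ssh-rsa rsa-sha2-256 rsa-sha2-512 > "$dir/supported"
    find_unsupported_algs "$dir/config" "$dir/supported"
    rm -rf "$dir"
}

demo
```

On a real machine: `ssh -Q HostKeyAlgorithms > /tmp/supported; find_unsupported_algs ~/.ssh/config /tmp/supported`.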