On 11/14/2015 04:11 AM, Mick wrote:
[snip]
>
> Since openssh-7.0 DSS keys are disabled and about time too!
>
> ==========================================================
> if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
> elog "Starting with openssh-7.0, support for ssh-dss keys were
> disabled due to their"
> elog "weak sizes. If you rely on these key types, you can re-enable
> the key types by"
> elog "adding to your sshd_config:"
> elog " PubkeyAcceptedKeyTypes=+ssh-dss"
> elog "You should however generate new keys using rsa or ed25519."
> fi
> ==========================================================
>
>
> Also SHA1 hashes are disabled and you will get errors like these when you try
> to login to a server which is still using deprecated ciphers:
>
> Unable to negotiate with XXX.XX.XXX.X: no matching host key type found. Their
> offer: ssh-dss
>
> Unable to negotiate with XXX.XX.XXX.X: no matching key exchange method found.
> Their offer: diffie-hellman-group1-sha1
>
> If this is within your LAN and therefore relatively protected, you could
> specify deprecated ciphers and hashes like so:
>
> ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 -o
> HostKeyAlgorithms=+ssh-dss
> my_u...@xxx.xx.xxx.X
>
>
> Alternatively, after you create a strong prime:
>
> ssh-keygen -t rsa -b 4096
>
>
> or probably better to use ed25519:
>
> ssh-keygen -t ed25519
>
> HTH.
The only software that uses ssh-dss key and I need is nxserver.
I just added a line to my: sshd_config
PubkeyAcceptedKeyTypes=+ssh-dss
restarted "sshd and nxserver" but I nxserver still doesn't work,
running: nxsetup --test (I get):
----> Testing your nxserver connection ...
Permission denied (publickey,password,keyboard-interactive).
Fatal error: Could not connect to NX Server.
--
Thelma
