On Wed, Apr 16, 2014 at 12:07, Ryan Freeman wrote:
> On Wed, Apr 16, 2014 at 06:12:41AM -0500, Ed Ahlsen-Girard wrote:
>> I added a second -current box to the house. Since the first (named
>> FIRST below) had never had anywhere to ssh to, I created its first
>> keypair.
>>
>> Now the Win7 laptop (LAPPER) running Putty has its connections to the
>> first -current box dropped before authentication. The key from the
>> laptop is still in authorized_keys. /etc/ssh/sshd_config has not
>> changed. security, authorization and message log files have nothing
>> to say about this. Dmesg and `tcpdump -o` output from the timeframe of a
>> connect attempt are below.
>
> Hi,
>
> Is there a chance you haven't updated that version of PuTTY recently?
> OpenSSH takes a hard line on insecure HMACs and I recently had to
> update PuTTY on a work machine as it wouldn't connect to a new OpenBSD
> snapshot installation from a couple weeks ago.
>
> Force people to update software following insecure semantics rather than
> make it easy to be lazy is the song and dance here.

One can also add back hmac-sha1 to MACs in sshd_config. It's not terrible, but others are definitely better.
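
Why a MAC mismatch ends the connection before authentication, and what adding hmac-sha1 to MACs changes, shown as an added example that is not part of the original thread. It follows the RFC 4253 rule that the chosen MAC is the first name on the client's list that the server also offers; the client lists and sshd_config fragments are constructed sample data, not taken from any particular PuTTY or OpenSSH release.

```python
# Added example: SSH MAC negotiation per RFC 4253 section 7.1.
# Every algorithm list and config fragment below is constructed sample data.

def parse_macs(sshd_config_text):
    """Return the MACs list from sshd_config text, or None if it is not set."""
    for raw in sshd_config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        parts = line.split(None, 1)
        # Keywords are case-insensitive and the first value found wins.
        if parts[0].lower() == "macs" and len(parts) == 2:
            return [m.strip() for m in parts[1].split(",") if m.strip()]
    return None

def negotiate_mac(client_macs, server_macs):
    """First MAC on the client's list that the server also offers.

    None means no common MAC: key exchange fails and the connection is
    closed before user authentication ever starts.
    """
    offered = set(server_macs)
    for name in client_macs:
        if name in offered:
            return name
    return None

# Constructed client offers: an older client and an updated one.
OLD_CLIENT_MACS = ["hmac-sha1", "hmac-sha1-96", "hmac-md5"]
NEW_CLIENT_MACS = ["hmac-sha2-256", "hmac-sha1", "hmac-sha1-96", "hmac-md5"]

# Constructed sshd_config fragments: without and with hmac-sha1 added back.
CONFIG_STRICT = """
# constructed example
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512
"""
CONFIG_COMPAT = CONFIG_STRICT.rstrip() + ",hmac-sha1\n"

if __name__ == "__main__":
    for label, cfg in (("strict", CONFIG_STRICT), ("compat", CONFIG_COMPAT)):
        server = parse_macs(cfg)
        for who, client in (("old", OLD_CLIENT_MACS), ("new", NEW_CLIENT_MACS)):
            chosen = negotiate_mac(client, server)
            print(f"{label:6} server, {who} client -> {chosen or 'no common MAC'}")
```

Because the client's order decides, the updated client still picks hmac-sha2-256 after hmac-sha1 is added back on the server; only the older client falls back to it.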