[Touch-packages] [Bug 1756031] Re: openssh-server doesn't accept aes256-cbc key
Indeed. PuTTY 0.62 and earlier had a habit of generating slightly short keys sometimes. This is unlikely to change in OpenSSH - the minimum key size is only likely to increase over time. I'd strongly suggest just generating a 2048-bit key, since SSH keys are usually pretty easy to roll over. ** Changed in: openssh (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1756031 Title: openssh-server doesn't accept aes256-cbc key Status in openssh package in Ubuntu: Invalid Bug description: I am using putty connection with RSA key cached in pageant and want to login without password. Private key on windows: PuTTY-User-Key-File-2: ssh-rsa Encryption: aes256-cbc ... On ubuntu there is public key in .ssh/authorized_keys ssh-rsa B3Nz...JBjQ== palo@winpgnotas This key works well in ubuntu versions 14.04...17.10 When I tried 18.04 beta, I am getting sshd error: mar 15 10:26:21 ubox sshd[5205]: error: userauth_pubkey: could not parse key: Invalid key length [preauth] and I have to provide password. I've found that aes256-cbc is not in the list of allowed ciphers by default, so I added Ciphers +aes256-cbc to /etc/ssh/sshd_config (and verified with nmap --script ssh2-enum-algos -sV -p 22 127.0.0.1) but the sshd error remains. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssh-server 1:7.6p1-4 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 Date: Thu Mar 15 10:03:14 2018 InstallationDate: Installed on 2018-03-12 (2 days ago) InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180306.1) SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1756031/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1756031] Re: openssh-server doesn't accept aes256-cbc key
AFAIK build time: sshkey.h:49:#define SSH_RSA_MINIMUM_MODULUS_SIZE1024 And those short keys are really considered insecure, which is the reason they went from deprecated to no more accepted. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1756031 Title: openssh-server doesn't accept aes256-cbc key Status in openssh package in Ubuntu: Confirmed Bug description: I am using putty connection with RSA key cached in pageant and want to login without password. Private key on windows: PuTTY-User-Key-File-2: ssh-rsa Encryption: aes256-cbc ... On ubuntu there is public key in .ssh/authorized_keys ssh-rsa B3Nz...JBjQ== palo@winpgnotas This key works well in ubuntu versions 14.04...17.10 When I tried 18.04 beta, I am getting sshd error: mar 15 10:26:21 ubox sshd[5205]: error: userauth_pubkey: could not parse key: Invalid key length [preauth] and I have to provide password. I've found that aes256-cbc is not in the list of allowed ciphers by default, so I added Ciphers +aes256-cbc to /etc/ssh/sshd_config (and verified with nmap --script ssh2-enum-algos -sV -p 22 127.0.0.1) but the sshd error remains. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssh-server 1:7.6p1-4 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 Date: Thu Mar 15 10:03:14 2018 InstallationDate: Installed on 2018-03-12 (2 days ago) InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180306.1) SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1756031/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1756031] Re: openssh-server doesn't accept aes256-cbc key
On ubuntu 14.04 ssh-keygen -lf .ssh/authorized_keys 1023 b7:e5:8e:4e:13:84:c2:9a:c8:64:e5:01:e8:84:fc:87 palo@winpgnotas (RSA) On ubuntu 18.04 ssh-keygen -lf .ssh/authorized_keys .ssh/authorized_keys is not a public key file. In Puttygen: ssh-rsa 1023 b7:e5:8e:4e:13:84:c2:9a:c8:64:e5:01:e8:84:fc:87 Is this length refusal hardcoded, and the short keys completely obsolete? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1756031 Title: openssh-server doesn't accept aes256-cbc key Status in openssh package in Ubuntu: Confirmed Bug description: I am using putty connection with RSA key cached in pageant and want to login without password. Private key on windows: PuTTY-User-Key-File-2: ssh-rsa Encryption: aes256-cbc ... On ubuntu there is public key in .ssh/authorized_keys ssh-rsa B3Nz...JBjQ== palo@winpgnotas This key works well in ubuntu versions 14.04...17.10 When I tried 18.04 beta, I am getting sshd error: mar 15 10:26:21 ubox sshd[5205]: error: userauth_pubkey: could not parse key: Invalid key length [preauth] and I have to provide password. I've found that aes256-cbc is not in the list of allowed ciphers by default, so I added Ciphers +aes256-cbc to /etc/ssh/sshd_config (and verified with nmap --script ssh2-enum-algos -sV -p 22 127.0.0.1) but the sshd error remains. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssh-server 1:7.6p1-4 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 Date: Thu Mar 15 10:03:14 2018 InstallationDate: Installed on 2018-03-12 (2 days ago) InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180306.1) SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1756031/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1756031] Re: openssh-server doesn't accept aes256-cbc key
Is our SSH ley length <1024 bit? Such short keys are refused by openssh 7.6. When you open your key with Puttygen the length is shown in the beginning of the "Key fingerprint" field. On Ubuntu you can check it with "ssh-keygen -lf .ssh/authorized_keys". -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1756031 Title: openssh-server doesn't accept aes256-cbc key Status in openssh package in Ubuntu: Confirmed Bug description: I am using putty connection with RSA key cached in pageant and want to login without password. Private key on windows: PuTTY-User-Key-File-2: ssh-rsa Encryption: aes256-cbc ... On ubuntu there is public key in .ssh/authorized_keys ssh-rsa B3Nz...JBjQ== palo@winpgnotas This key works well in ubuntu versions 14.04...17.10 When I tried 18.04 beta, I am getting sshd error: mar 15 10:26:21 ubox sshd[5205]: error: userauth_pubkey: could not parse key: Invalid key length [preauth] and I have to provide password. I've found that aes256-cbc is not in the list of allowed ciphers by default, so I added Ciphers +aes256-cbc to /etc/ssh/sshd_config (and verified with nmap --script ssh2-enum-algos -sV -p 22 127.0.0.1) but the sshd error remains. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssh-server 1:7.6p1-4 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 Date: Thu Mar 15 10:03:14 2018 InstallationDate: Installed on 2018-03-12 (2 days ago) InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180306.1) SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1756031/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1756031] Re: openssh-server doesn't accept aes256-cbc key
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openssh (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1756031 Title: openssh-server doesn't accept aes256-cbc key Status in openssh package in Ubuntu: Confirmed Bug description: I am using putty connection with RSA key cached in pageant and want to login without password. Private key on windows: PuTTY-User-Key-File-2: ssh-rsa Encryption: aes256-cbc ... On ubuntu there is public key in .ssh/authorized_keys ssh-rsa B3Nz...JBjQ== palo@winpgnotas This key works well in ubuntu versions 14.04...17.10 When I tried 18.04 beta, I am getting sshd error: mar 15 10:26:21 ubox sshd[5205]: error: userauth_pubkey: could not parse key: Invalid key length [preauth] and I have to provide password. I've found that aes256-cbc is not in the list of allowed ciphers by default, so I added Ciphers +aes256-cbc to /etc/ssh/sshd_config (and verified with nmap --script ssh2-enum-algos -sV -p 22 127.0.0.1) but the sshd error remains. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssh-server 1:7.6p1-4 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 Date: Thu Mar 15 10:03:14 2018 InstallationDate: Installed on 2018-03-12 (2 days ago) InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180306.1) SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1756031/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp