Re: buster ssh problem

2017-11-01 Thread Glenn English
On Wed, Nov 1, 2017 at 7:58 PM, Greg Wooledge wrote: > The directives that work in ~/.ssh/config also work in /etc/ssh/ssh_config > and this includes the Host matching stuff. > > As it says in the man page, > > SYNOPSIS > ~/.ssh/config > /etc/ssh/ssh_config > > Since you only want to us

Re: buster ssh problem

2017-11-01 Thread Greg Wooledge
On Wed, Nov 01, 2017 at 07:40:40PM +, Glenn English wrote: > I didn't create the ~/.ssh/config file because I wanted ssh to work > for me, no matter who I logged in as or su'ed to. I realize (or think, > anyway) that's going to open my admin box to the darkSide. I need to > think about that. T

Re: buster ssh problem

2017-11-01 Thread Glenn English
On Wed, Nov 1, 2017 at 12:47 AM, Sven Hartge wrote: > No, this is not the solution, as this will a) set this for every > connection and b) restrict the Cipher list to *only* this insecure > cipher. > > Please read "man ssh_config". The Ciphers statement recognizes + and - > as prefixes to add or

Re: buster ssh problem

2017-11-01 Thread Sven Hartge
Glenn English wrote: > On Wed, Nov 1, 2017 at 12:47 AM, Sven Hartge wrote: >> What do you mean? Just create ~/.ssh/config and put a Host statement >> like above inside it. > No prob, and will do. I'm used to ssh creating files in config > directories for me. OpenSSH never did that for config f

Re: buster ssh problem

2017-11-01 Thread Glenn English
On Wed, Nov 1, 2017 at 12:47 AM, Sven Hartge wrote: > There are. Both sides exchange a symmetric session key to use for the > connection. The public/private key which can be used with SSH has > nothing to do with this. Yeah. That's what I thought it was all about -- the login keys. > What do you

Re: buster ssh problem

2017-10-31 Thread Don Armstrong
On Tue, 31 Oct 2017, Glenn English wrote: > On Tue, Oct 31, 2017 at 9:45 PM, Don Armstrong wrote: > > Host cisco1841 > > KexAlgorithms diffie-hellman-group1-sha1 > > Ciphers aes128-cbc,3des-cbc > > MACs hmac-md5,hmac-sha1 > > > > in your ~/.ssh/config and then connect to the machine

Re: buster ssh problem

2017-10-31 Thread Sven Hartge
Glenn English wrote: > On Tue, Oct 31, 2017 at 9:45 PM, Don Armstrong wrote: >> It's ~/.ssh/config. > Typo, please excuse. >> That's the Key-exchange algorithm. > That kinda makes sense. It sounds like that has nothing to do with the > problem, since there are no keys involved here. There ar

Re: buster ssh problem

2017-10-31 Thread Glenn English
Take it back. Doesn't work anywhere but the router. FYI... -- Glenn English

Re: buster ssh problem

2017-10-31 Thread Glenn English
On Tue, Oct 31, 2017 at 9:45 PM, Don Armstrong wrote: > It's ~/.ssh/config. Typo, please excuse. > That's the Key-exchange algorithm. That kinda makes sense. It sounds like that has nothing to do with the problem, since there are no keys involved here. > Generally, what happens is that older

Re: buster ssh problem

2017-10-31 Thread Don Armstrong
On Tue, 31 Oct 2017, Glenn English wrote: > So I looked around a bit, and the openssh website says that's an > insecure algorithm, but I can enable it if I want to by putting some > text in ~/.ssh.config. Except there is no ~/.ssh.config. I created one > and put what I think is the recommended text

buster ssh problem

2017-10-31 Thread Glenn English
buster, seems to be all hosts can't talk to Cisco router I'd like to get into my Cisco 1841 (IOS 12.4) router with ssh like I have for a decade or so. But buster's ssh says there's no useful encryption algorithm -- says the offer is diffie-hellman-group1-sha1. So I looked around a bit, and the ope

Re: Buster SSH

2017-09-13 Thread Sven Hartge
Greg Wooledge wrote: > On Tue, Sep 12, 2017 at 05:45:13PM +, Glenn English wrote: >> Bingo! User has dsa keys. Root has dsa and rsa keys. >> >> Thanks. Now all I have to do is figure out what I did so many years >> ago to generate the dsas :-) > You probably did ssh-keygen -t dsa. > There

Re: Buster SSH

2017-09-13 Thread Michael Stone
On Wed, Sep 13, 2017 at 12:27:53PM -0500, Nicholas Geovanis wrote: Just thinking out loud for those who won't read that article: One of its main points is not that DSA is cryptographically weak, as has been broadly mentioned. Rather that a coding flaw in ssh-keygen limits the key-size for DSA to

Re: Buster SSH

2017-09-13 Thread Glenn English
On Wed, Sep 13, 2017 at 3:32 PM, Don Armstrong wrote: > https://security.stackexchange.com/questions/112802/why-openssh-deprecated-dsa-keys > and https://weakdh.org/ explain some of the rationale. Very interesting indeed. And the link to Logjam (https://weakdh.org/logjam.html) is also very helpf

Re: Buster SSH

2017-09-13 Thread Nicholas Geovanis
On Wed, Sep 13, 2017 at 10:32 AM, Don Armstrong wrote: > On Tue, 12 Sep 2017, Greg Wooledge wrote: > > More recently, it has been learned that the DSA keys are "weak" > > (citation needed), and so the recommendations have shifted. > > https://security.stackexchange.com/questions/ > 112802/why-ope

Re: Buster SSH

2017-09-13 Thread Don Armstrong
On Tue, 12 Sep 2017, Greg Wooledge wrote: > More recently, it has been learned that the DSA keys are "weak" > (citation needed), and so the recommendations have shifted. https://security.stackexchange.com/questions/112802/why-openssh-deprecated-dsa-keys and https://weakdh.org/ explain some of the

Re: Buster SSH

2017-09-12 Thread Glenn English
On Tue, Sep 12, 2017 at 5:59 PM, Greg Wooledge wrote: > You probably did ssh-keygen -t dsa. Probably. :-) Today, I read lots of dox and asked for an rsa -- all better now. -- Glenn English

Re: Buster SSH

2017-09-12 Thread Greg Wooledge
On Tue, Sep 12, 2017 at 05:45:13PM +, Glenn English wrote: > Bingo! User has dsa keys. Root has dsa and rsa keys. > > Thanks. Now all I have to do is figure out what I did so many years > ago to generate the dsas :-) You probably did ssh-keygen -t dsa. There was a period of time, about 20 ye

Re: Buster SSH

2017-09-12 Thread Glenn English
On Mon, Sep 11, 2017 at 11:17 PM, Alexander V. Makartsev wrote: > Here, take a look at release notes: > https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#openssh-protocol-and-cipher-support-changes Bingo! User has dsa keys. Root has dsa and rsa keys. Thanks. Now

Re: Buster SSH

2017-09-11 Thread Glenn English
On Mon, Sep 11, 2017 at 11:17 PM, Alexander V. Makartsev wrote: > There were changes in SSH in stretch. And since you told about your > super old ".ssh" folder you keep tagging along, it could be the reason > it causes problems for you. > Here, take a look at release notes: > https://www.debian.or

Re: Buster SSH

2017-09-11 Thread Alexander V. Makartsev
There were changes in SSH in stretch. And since you told about your super old ".ssh" folder you keep tagging along, it could be the reason it causes problems for you. Here, take a look at release notes: https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#openssh-protoc

Re: Buster SSH

2017-09-11 Thread Glenn English
On Mon, Sep 11, 2017 at 9:49 PM, Cindy-Sue Causey wrote: > I'm just feeding off your words such as key login. I don't know if > it's related or not, but I've been having that occasional extra step > that shows up before you can access your browser. I can't remember the > exact message, but last t

Re: Buster SSH

2017-09-11 Thread Cindy-Sue Causey
On 9/11/17, Glenn English wrote: > Is there something peculiar with SSH on Buster? > > The key login doesn't seem to work very well -- root going out works > to hosts (Wheezy, Jessie, and the one before Wheezy), but the user > (me) doesn't. And nothing works coming in. Everything is fine on the >

Buster SSH

2017-09-11 Thread Glenn English
Is there something peculiar with SSH on Buster? The key login doesn't seem to work very well -- root going out works to hosts (Wheezy, Jessie, and the one before Wheezy), but the user (me) doesn't. And nothing works coming in. Everything is fine on the non-Buster hosts. I bought a laptop recently