Config to have "ssh too-old-host" error out (with chosen message, and sans actual connection attempt)?

Jochen Bern Jochen.Bern at binect.de
Mon Jun 30 22:14:27 AEST 2025


On 30.06.25 13:46, Darren Tucker wrote:
> On Mon, 30 Jun 2025 at 20:47, Jochen Bern <Jochen.Bern at binect.de<mailto:Jochen.Bern at binect.de>> wrote:
> > ProxyCommand seems to be unable, too (because its output apparently gets
> > swallowed *entirely* by ssh).
> 
> Its stdout does (since that's its purpose), but its stderr doesn't:
> 
> $ cat config
> ProxyCommand sh -c "echo use foo instead >&2"
> 
> $ ssh -F ./config foo bar
> use foo instead
> Connection closed by UNKNOWN port 65535

Ah ... I had tried ">&2" *without* the additional explicit shell 
(level), thanks, works well. Whereas ...

On 30.06.25 13:09, Brian Candler wrote:
> You could abuse a text config setting, like
> 
> Host foobar
> Hostname ": You should use ssh -O PubkeyAcceptedAlgorithms=+ssh-rsa"
[...]
> Or BindInterface

... these both escape the ANSI control sequences I added, alas. :-3

> Although of course, if that were the problem, you could simply apply the
> fix instead:
> PubkeyAcceptedAlgorithms +ssh-rsa

I've been using a bunch of *those* for quite a while (because I upped my 
*default* cryptalgorithm settings *beyond* the back-then OS policy some 
time ago), and the OS Changelog's remark "OpenSSL libs now refuse 
signatures with SHA-1" doesn't seem to be *exact*, either. What I've 
seen getting *specifically* refused is my local ssh-agent signing with 
the older (and shorter, 4kb) RSA keypair, but that doesn't seem to 
explain *all* the now-failing connections, either ...

Thanks again,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4336 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20250630/943add57/attachment.p7s>


More information about the openssh-unix-dev mailing list