Try to login: permission denied

Jakub Jelen jjelen at redhat.com
Thu Nov 22 19:58:19 AEDT 2018


On Thu, 2018-11-22 at 04:56 +0100, Stef Bon wrote:
> When I remove the
> 
> PubkeyAcceptedKeyTypes ssh-rsa
> 
> setting, I'm able to login. Huhh I've been always able to login this
> way. I see a message about the semantics has been changed, but maybe
> more has been changed...
> I think - but that is a wild guess - that the client asks it can use
> the new rsa-sha2-256/512 methods, server cannot support these cause
> these are not listed in the PubkeyAcceptedKeyTypes parameter and
> disconnects.

Yes, you are right. If you specify this option, the server will reject
all the other public key algorithms, but RSA keys are using the SHA2
signatures for some time already and they use different "signature
type", but only recent update made this enforced (see the release notes
for OpenSSH 7.8 [1]).

[1] http://www.openssh.com/txt/release-7.8

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.



More information about the openssh-unix-dev mailing list