On 2022-12-12, Randall Gellens <obsd.t...@randy.pensive.org> wrote: > Changing the /etc/hostname.if files for the U-Verse and client ports to > add an 'inet' line with a dummy IP address made it all start working. > Before, they just had a line with "description" and text.
> Questions: > > (1) I'd like to understand the interfaces worked without having IP > addresses in OpenBSD 6 but not in OpenBSD 7. They showed as up and as > part of the bridge, but no traffic. One possibility: They would need the word "up" as well as the description, otherwise the interface would remain inactive. Setting an IP or IPv6 address implicitly brings the interface up. (btw it's not "OpenBSD 7", it's "7.2", or "7.1", or whatever - the first digit doesn't mean anything special, they are just numbers raised by .1 each time). > (2) Also, I have several old machines that can no longer SSH into the > OpenBSD 7 box. They get an error "no hostkey alg". Is there an easy way > to get the OpenBSD box to accept connections from older clients? > Presumably I need to enable older key algorithms, but after hunting > through the OpenSSH manual I can't see what I need to do. The packet > rules block access to the OpenBSD box from outside. See https://www.openssh.com/legacy.html but particularly note "The best resolution for these failures is to upgrade the software at the other end and/or replace the weak key types with safer modern types. OpenSSH only disables algorithms that we actively recommend against using because they are known to be weak." If it's possible to update the ssh clients that would be better (there may be other important bugs fixed in them too; for example if any are using old versions of PuTTY there are sdcurity fixes in newer ones too). -- Please keep replies on the mailing list.
