Re: SSH from old Mac fail to login via ssh rsa key
"Daniele B.": > I went to my Mac (SSH -V: OpenSSH 6.9p1 LibreSSL 2.1.8) and launched > ssh-keygen produced for my my user a nice RSA key. I grabbed it and I > went on my > cloud server (SSH -V: OpenSSH 9.2p1 OpenSSL 3.0.9) and appended it in > my .ssh/authorized_keys. While RSA _keys_ are still supported, the RSA signature _algoritm_ has changed: rsa-sha2-{256,512} is used nowadays and the old ssh-rsa scheme has been disabled by default. rsa-sha2 was introduced with OpenSSH 7.2, so 6.9 is too old. The easiest solution is to use an Ed25519 key, supported since OpenSSH 6.5: $ ssh-keygen -t ed25519 -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: SSH from old Mac fail to login via ssh rsa key
Thanks, that was the solution..

-- Daniele Bonini

Oct 8, 2023 20:05:11 Jan Stary :

> Use an ed25519 key instead of the obsolete rsa key.
Re: SSH from old Mac fail to login via ssh rsa key
Use an ed25519 key instead of the obsolete rsa key.
Chances are the sshd server is refusing to work with the obsolete key. If you showed the actual ssh -v output, people would know if that is the case.

On Oct 08 19:44:36, my2...@has.im wrote:
> Hello,
>
> While moving my stuff online I decided that it was the time to allow
> more machines to login to my server.
>
> Indeed I have my usual old Mac that merits a chance to login to my cloud
> server too.. ;)
>
> I went to my Mac (SSH -V: OpenSSH 6.9p1 LibreSSL 2.1.8) and launched
> ssh-keygen produced for my user a nice RSA key. I grabbed it and I
> went on my
> cloud server (SSH -V: OpenSSH 9.2p1 OpenSSL 3.0.9) and appended it in
> my .ssh/authorized_keys.
>
> SSHD user authentication by password is disabled on the cloud server..
>
> I rebooted the Mac and restarted SSH on the cloud server.. but
> the Mac SSH continues to ask to me to login with the root password
> instead to ask the RSA file password to access its public key.
> From the man I see that asking the root password is the last chance
> given to the user to login if anything goes wrong..
>
> Is there any chance to make Mac SSH login works by key or I can give it
> up?
>
> Thanks!
>
> -- Daniele Bonini
SSH from old Mac fail to login via ssh rsa key
Hello,

While moving my stuff online I decided that it was the time to allow more machines to login to my server.

Indeed I have my usual old Mac that merits a chance to login to my cloud server too.. ;)

I went to my Mac (SSH -V: OpenSSH 6.9p1 LibreSSL 2.1.8) and launched ssh-keygen produced for my user a nice RSA key. I grabbed it and I went on my cloud server (SSH -V: OpenSSH 9.2p1 OpenSSL 3.0.9) and appended it in my .ssh/authorized_keys.

SSHD user authentication by password is disabled on the cloud server..

I rebooted the Mac and restarted SSH on the cloud server.. but the Mac SSH continues to ask to me to login with the root password instead to ask the RSA file password to access its public key.
From the man I see that asking the root password is the last chance given to the user to login if anything goes wrong..

Is there any chance to make Mac SSH login works by key or I can give it up?

Thanks!

-- Daniele Bonini
Use of fw_update to bootstrap OBSD
Hello,

I am installing OpenBSD on an old xps13 9380. The WiFi is not supported and so I am using a usb dongle for which I need the athn-firmware. I get it to work and now wanting to prep a USB disk with all necessary firmware. I'm following the FAQ#4 on the website (I suppose it works with more firmware than just the WiFi).

So, now to my question. Using fw_update -F to the current dir does download all firmware (5 files) and SHA256.sig. However, the file SHA256.sig does not include the signature, using signify like so:

signify -Cp /etc/signify/openbsd-73-fw.pub -x SHA256.sig *

Fails with message:

invalid comment in SHA256.sig; must start with 'untrusted comment: '

Downloading the SHA256.sig from firmware.openbsd.org/firmware/7.3/SHA256.sig which includes the signature does work.

Is that normal behaviour? Since the firmware.openbsd.org site is not HTTPS, and that, at least for me, fw_update does not download signed SHA256.sig, would it not be possible to download unintended files?

Thanks in advance,
Thomas
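
A structural pre-check for the situation described above, as an added shell example that is not part of the original post: it tells a signify signature file from a bare checksum list before anything is verified, and refuses the bare list. The function names and sample files are constructed; the check only inspects the file format, and the actual verification remains signify -C.

```sh
# A signify signature file starts with an "untrusted comment: " line, then one
# base64 line holding 74 bytes ("Ed", 8-byte key number, 64-byte signature):
# 100 characters beginning with "RW". The signed checksum list follows.

# sigfile_kind FILE: prints signed | checksums-only | unknown
sigfile_kind() {
    [ -r "$1" ] || { echo unknown; return 0; }
    line1=$(sed -n 1p "$1")
    line2=$(sed -n 2p "$1")
    case $line1 in
    "untrusted comment: "*)
        if printf '%s\n' "$line2" |
            grep -Eq '^RW[QRST][A-Za-z0-9+/]{96}=$'; then
            echo signed
        else
            echo unknown            # header present, signature line malformed
        fi ;;
    "SHA256 ("*") = "*)
        echo checksums-only ;;      # bare list: integrity only, no origin
    *)  echo unknown ;;
    esac
}

# verify_fw PUBKEY SIGFILE FILE...: hand the list to signify only if it is
# signed; refuse a bare checksum list rather than fall back to hash matching.
verify_fw() {
    pub=$1 sig=$2; shift 2
    kind=$(sigfile_kind "$sig")
    if [ "$kind" != signed ]; then
        echo "$sig: $kind, no signature to verify" >&2
        return 1
    fi
    signify -Cp "$pub" -x "$sig" "$@"
}

# Constructed samples: placeholder signature bytes and hash, not real data.
demo_dir=$(mktemp -d)
fake_sig="RWQ$(printf '%096d' 0 | tr 0 A)="
fake_sum="SHA256 (constructed-firmware.tgz) = $(printf '%064d' 0)"
printf 'untrusted comment: constructed\n%s\n%s\n' "$fake_sig" "$fake_sum" >"$demo_dir/signed"
printf '%s\n' "$fake_sum" >"$demo_dir/bare"
for f in signed bare; do echo "$f: $(sigfile_kind "$demo_dir/$f")"; done
```

"signed" here means only that the file has the signature layout; whether the signature is valid for the given public key is decided by signify.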
Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)
$ ffmpeg -f v4l2 -list_formats all -i /dev/video1
ffmpeg version 4.4.3 Copyright (c) 2000-2022 the FFmpeg developers
  built with OpenBSD clang version 13.0.0
  configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug --disable-stripping --disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig --enable-frei0r --enable-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d --enable-libfreetype --enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus --enable-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-nonfree --enable-openssl --enable-libvidstab --extra-cflags='-I/usr/local/include -I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' --extra-ldsoflags= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g -Wno-redundant-decls'
  libavutil      56. 70.100 / 56. 70.100
  libavcodec     58.134.100 / 58.134.100
  libavformat    58. 76.100 / 58. 76.100
  libavdevice    58. 13.100 / 58. 13.100
  libavfilter     7.110.100 /  7.110.100
  libswscale      5.  9.100 /  5.  9.100
  libswresample   3.  9.100 /  3.  9.100
  libpostproc    55.  9.100 / 55.  9.100
[video4linux2,v4l2 @ 0xdfad921b000] Raw : Unsupported :Unknown UC Format :
/dev/video1: Immediate exit requested

$ ffmpeg -f v4l2 -list_formats all -i /dev/video0
ffmpeg version 4.4.3 Copyright (c) 2000-2022 the FFmpeg developers
  built with OpenBSD clang version 13.0.0
  configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug --disable-stripping --disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig --enable-frei0r --enable-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d --enable-libfreetype --enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus --enable-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-nonfree --enable-openssl --enable-libvidstab --extra-cflags='-I/usr/local/include -I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' --extra-ldsoflags= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g -Wno-redundant-decls'
  libavutil      56. 70.100 / 56. 70.100
  libavcodec     58.134.100 / 58.134.100
  libavformat    58. 76.100 / 58. 76.100
  libavdevice    58. 13.100 / 58. 13.100
  libavfilter     7.110.100 /  7.110.100
  libswscale      5.  9.100 /  5.  9.100
  libswresample   3.  9.100 /  3.  9.100
  libpostproc    55.  9.100 / 55.  9.100
[video4linux2,v4l2 @ 0xe580ab7a000] Compressed: mjpeg : MJPEG : 1920x1080 320x180 320x240 352x288 424x240 640x360 640x480 848x480 960x540 1280x720
[video4linux2,v4l2 @ 0xe580ab7a000] Raw : yuyv422 : YUYV : 640x480 320x180 320x240 352x288 424x240 640x360 848x480 960x540 1280x720 1920x1080
/dev/video0: Immediate exit requested

On 8 October 2023 11:45, "Bryan Steele" wrote:

> Morgan wrote:
>
>> Hello,
>>
>> $ video -q -f /dev/video1
>> video: /dev/video1 has no usable YUV encodings
>>
>> $ video -s 1920x1080 -f /dev/video1
>> video: /dev/video1 has no usable YUV encodings
>>
>> thanks for your suggestion
>>
>> Morgan
>
> Are there any non-YUV formats supported?
>
> $ ffmpeg -f v4l2 -list_formats all -i /dev/video1
>
> -Bryan.
Re: relayd ssl termination advice
On 08.10.2023 03:00, Courtney wrote:

> Hello everyone,
>
> I'm seeking an ideal way to make secure https connections to a handful of web servers in my house. Currently I have a Nextcloud server and a gitea server, but only the Nextcloud server is being port forwarded on 80/443. I want to make my gitea server publicly visible as well as a couple other projects.
>
> My thought is to have relayd running on my router and match Host headers and forward it to my servers based on the Host. This will also conveniently let me handle renewing Let's Encrypt certs in one place. I already do this right now with a VPS, but I have a wireguard tunnel to my house in this case to access the backend, which is encrypting the traffic from my relayd server to my backend web server.
>
> With my Nextcloud and gitea server, if I terminate SSL at my router, the connection between my router and Nextcloud/gitea web servers would be unencrypted. Even though it is in my own house, I don't really like that idea. It seems to be overkill too to do peer to peer wireguard between my Nextcloud/gitea servers in my house. I was wondering if this would actually be proper or if there are any other ideas you all might have.
>
> Ultimately, I want to serve a handful of services on 80/443 that are easily accessible internally and externally, and I don't want to have unencrypted traffic between relayd and my server for the services that are passing sessions and such.
>
> Thank you,
> Courtney

I have a similar situation at home. I use TLS to encrypt the traffic between relayd(8) and the actual web servers. On the web servers I use self-signed certificates which are valid for several decades.

When it comes to administrative access on the web servers I use my router as ProxyJump and/or configure local tunnel(s) in ssh(1).

Cheers,
Bruno
Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)
Morgan wrote:

> Hello,
>
> $ video -q -f /dev/video1
> video: /dev/video1 has no usable YUV encodings
>
> $ video -s 1920x1080 -f /dev/video1
> video: /dev/video1 has no usable YUV encodings
>
>
> thanks for your suggestion
>
> Morgan

Are there any non-YUV formats supported?

$ ffmpeg -f v4l2 -list_formats all -i /dev/video1

-Bryan.