Re: ssh-agent not working after upgrade to fedora 23

Wed, 13 Apr 2016 14:40:59 -0700 

On 04/13/2016 01:04 PM, Tom Horsley wrote:

On Wed, 13 Apr 2016 15:51:31 -0400
Richard Heck wrote:


Any suggestions?


Yep. The security geeks decided dsa keys weren't secure,
but none of the errors messages you get give you a hint
that dsa keys no longer work.

You can change a lot of obscure parameters in /etc/sshd.config
(and maybe /etc/ssh.config as well) or you can sigh and
generate new keys using an "acceptable" cipher and
distribute the new public key around to every single
system that has your old dsa key.


You can use "ssh -o HostkeyAlgorithms +ssh-dss remotehost" to
temporarily use dsa keys, or add

        Host *
            HostkeyAlgorithms +ssh-dss

to your /etc/ssh/ssh_config or ~/.ssh/config file, but switch to rsa
when you can. The "experts" think its better and by default, ssh won't
use dss any more.
Also be aware that by default ssh no longer allows diffie-hellman-group1-sha1 key exchange.
Again, you can "ssh -o KexAlgorithms +diffie-hellman-group1-sha1 remotehost" or add 

        Host *
            KexAlgorithms +diffie-hellman-group1-sha

to your /etc/ssh/ssh_config or ~/.ssh/config files. Both of these have
gotten me trying to log into some older Cisco routers. I've added things
like

        Host remote-cisco-gear
            HostkeyAlgorithms +ssh-dss
            KexAlgorithms +diffie-hellman-group1-sha1

for each of these problematic machines to my ~/.ssh/config file to get
around these issues. Grrrr!
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ri...@alldigital.com -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-  Time: Nature's way of keeping everything from happening at once.  -
----------------------------------------------------------------------
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
http://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Reply via email to