This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Sshd behaving strangely...

Greetings, Zdzislaw Meglicki!

Please teach your mail agent to not break threading. Thank you in advance.

>> OpenSSH 7.0 (and thus the current 7.1) deprecated a couple
>> of old and insecure ciphers.  Probably that's the reason.

> Well, what I mean is that it is strange that sshd-7.1p1-1 accepts
> a connection from ssh-3.9p1, upon announcing that the "key type ssh-dss
> [is] not in PubkeyAcceptedKeyTypes," and lets the user in having accepted
> the password,

Likely explanation is that you've tried to connect using private DSA key,
which server rejected and subsequently asked for a password.

> yet rejects connection from ssh-6.8p1-1 not even allowing
> for the presentation of a password, and claims that "seteuid operation
> [is] not permitted." 

This is a different issue, judging from the error message.
Without more data from both sides it is impossible to tell for certain, whats
going on.
A verbose log of the same connection from both server and client may help.

> Why was the operation permitted when the key was not in
> PubkeyAcceptedKeyTypes?

> This seems to me to be a security bug.

More like you are not telling us a whole story.

> And I still wonder how to configure sshd to allow normal connections
> with accepted key types, any documentation out there that would help?

Sorry, what? It do work like that out of the box.

With best regards,
Andrey Repin
Monday, September 7, 2015 00:33:31

Sorry for my terrible english...

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]