This is the mail archive of the
mailing list for the Cygwin project.
Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.
- From: Andrew DeFaria <Andrew at DeFaria dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 8 Sep 2015 12:43:55 -0700
- Subject: Re: Every time I run ssh, ssh prompts "password:" with latest OpenSSH package.
- Authentication-results: sourceware.org; auth=none
- References: <CABs5vS7UPWPps5ByU9L60z5PSszRNTkFAaQ+DK0e8HZNWDGXPQ at mail dot gmail dot com> <779534835 dot 20150902194715 at yandex dot ru> <CABs5vS4TxToA=5u5MysSg1+izeL2FepjKbQzkeqvOKxNyOdDUQ at mail dot gmail dot com> <833769153 dot 20150903064857 at yandex dot ru>
On 09/02/2015 08:48 PM, Andrey Repin wrote:
Greetings, Hiroyuki Kurokawa!
Thanks Andrey for reply to my question.
George gave me an advice by a direct mail.
And his instruction solve my problem.
If you use dsa key type, you need to add to your ssh client configuration file, either ~/.ssh/config or /etc/ssh_config, the following parameter:
If you use some other key type, then 'ssh -Q key' will list all supported key types, pick the right one and put it into config file instead of ssh-dss.
I had the same problem after the last ssh upgrade.
Now the latest ssh works fine with ~/.ssh/config which contains
"PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA.
I appreciate George so much.
This is not the right solution. Right solution would be to change your keys.
While DSA keys aren't inherently insecure (quite opposite), FIPS compliant
systems enforce DSA key length to 1024 bits, which is considered to be weak
nowadays. You CAN use longer DSA keys, but not all systems support it.
Or perhaps use ecdsa? ssh-keygen -t ecdsa
<a href="http://defaria.com">Andrew DeFaria</a><br>
<a href="http://clearscm.com">ClearSCM, Inc.</a><br>
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple