[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: issues with stretch, part 1 of many



Idont Know if that can help...

''The OpenSSH 7 release has disabled some older ciphers and the SSH1 protocol by default. Please be careful when upgrading machines where you only have SSH access.

Moreover, the default of the "UseDNS" configuration option has changed from yes to no. This may cause users who use the "from=" functionality in authorized_keys to limit ssh access by host to be locked out, which is especially troublesome if upgrading remotely.

Please refer to the OpenSSH documentation for more information. ''

https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#openssh-protocol-and-cipher-support-changes

On 2018-11-27 07:33, Ionel Mugurel Ciobîcă wrote:

Dear all,

I have many issues with stretch which I cannot figure it out. I will
post one at the time, to keep it clear and simple.

I use Debian since 1997. I never had an issue with any release, except
stretch. I installed fresh using net install disk. The install went OK
(except I was forced to chose a wrong timezone (I was not asked about
the continent), but that I fix after installation).

The first question I want to ask relates to ssh, ssh-ask and
ssh-agent. When I ssh to another computer I am asked "Allow use of key
id_rsa? Key fingerprint ..." If I uninstall all ssh-ask programs I
simply can't use the ssh-agent anymore and I am prompted for password.
I try ssh-ask, ssh-ask-fullscreen, ssh-ask-gnome and the similar from
kde. I check the /etc/ssh/ssh_config and /etc/ssh/sshd_config for
anything that may relate to this. The only think coming close are:
UsePAM yes
ChallengeResponseAuthentication no

Is there something I overlook?

To be clear, I do not want to be asked if I allow the use of a key, I
just want this to be assumed yes, as it was the case in the past.

So, I run Linux 4.9.0-8-amd64, Debian 9u6. ssh is openssh_7.4p1,
openssl 1.0.2l ssh-agent is started in $HOME/.xsessionrc as:
eval `ssh-agent -s`

Thank you for any hint.

Kind regards,
 Ionel



Reply to: