Re: No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd
On Fri, May 31, 2024 at 7:08 PM Thomas Schmitt <scdbackup@gmx.net> wrote:
>
> i still have network access to a Debian 8 system, to which i logged in
> from Debian 11 via ssh and a ssh-rsa key. After the upgrade to Debian 12
> ssh fails with this public key authentication.
> The probably relevant messages from a run of ssh -vvv are:
>
> debug1: Offering public key: /home/.../.ssh/id_rsa RSA SHA256:...
> debug1: send_pubkey_test: no mutual signature algorithm
>
> To my luck, the old sshd already supports ssh-ed25519 and i was able to
> add the content of the Debian 12 id_ed25519.pub to the Debian 8 file
> .ssh/authorized_keys2 . Now ssh to the Debian 8 machine works again.
>
> But i find this error message "no mutual signature algorithm" strange.
> The Debian 12 ssh client is obviously willing to try ssh-rsa.
> The Debian 8 sshd accepted that key from Debian 11. Why not from 12 ?
>
> In
> https://www.openssh.com/releasenotes.html
> i find for 9.2 or older only a RequiredRSASize directive of which
> man sshd_config says the default is 1024.
> The ssh-rsa key was generated by Debian 10. man ssh-keygen of buster
> says the default of option -b with RSA was 2048.
> (Does anybody know how to analyze a key file in regard to such
> parameters ?)
If I am not mistaken, the problem you are experiencing is due to using
RSA/SHA-1 on the old machine. The RSA modulus is large enough, but the
hash is weak. That change happened at OpenSSH 8.9.
`ssh -vvv` should show the ciphers offered by the server and client.
It should look something like:
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,e
cdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-
sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-g
roup16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha25
6,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2
-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh
.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@o
penssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nist
p256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
Jeff
Reply to: