Re: No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd

To: Thomas Schmitt <scdbackup@gmx.net>
Cc: debian-user@lists.debian.org
Subject: Re: No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd
From: Jeffrey Walton <noloader@gmail.com>
Date: Fri, 31 May 2024 19:19:24 -0400
Message-id: <[🔎] CAH8yC8kcTbLiP=Sv=Jb_Xm-JyRFnR1ZFxdW=yBojdCr8Az4emA@mail.gmail.com>
Reply-to: noloader@gmail.com
In-reply-to: <[🔎] 31895318715752467732@scdbackup.webframe.org>
References: <[🔎] 31895318715752467732@scdbackup.webframe.org>

On Fri, May 31, 2024 at 7:08 PM Thomas Schmitt <scdbackup@gmx.net> wrote:
>
> i still have network access to a Debian 8 system, to which i logged in
> from Debian 11 via ssh and a ssh-rsa key. After the upgrade to Debian 12
> ssh fails with this public key authentication.
> The probably relevant messages from a run of ssh -vvv are:
>
>   debug1: Offering public key: /home/.../.ssh/id_rsa RSA SHA256:...
>   debug1: send_pubkey_test: no mutual signature algorithm
>
> To my luck, the old sshd already supports ssh-ed25519 and i was able to
> add the content of the Debian 12 id_ed25519.pub to the Debian 8 file
> .ssh/authorized_keys2 . Now ssh to the Debian 8 machine works again.
>
> But i find this error message "no mutual signature algorithm" strange.
> The Debian 12 ssh client is obviously willing to try ssh-rsa.
> The Debian 8 sshd accepted that key from Debian 11. Why not from 12 ?
>
> In
>   https://www.openssh.com/releasenotes.html
> i find for 9.2 or older only a RequiredRSASize directive of which
> man sshd_config says the default is 1024.
> The ssh-rsa key was generated by Debian 10. man ssh-keygen of buster
> says the default of option -b with RSA was 2048.
> (Does anybody know how to analyze a key file in regard to such
> parameters ?)

If I am not mistaken, the problem you are experiencing is due to using
RSA/SHA-1 on the old machine. The RSA modulus is large enough, but the
hash is weak. That change happened at OpenSSH 8.9.

`ssh -vvv` should show the ciphers offered by the server and client.
It should look something like:

    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,e
    cdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-
    sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-g
    roup16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha25
    6,ext-info-c,kex-strict-c-v00@openssh.com
    debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2
    -nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,
    ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh
    .com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@o
    penssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nist
    p256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,
    sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256

Jeff

Reply to:

References:
- No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

Prev by Date: Re: After upgrade, what do you do about "removed" and "obsolete" packages ?
Next by Date: [Lynx-dev] ANN: lynx2.9.2
Previous by thread: [solved] Re: No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd
Next by thread: [Lynx-dev] ANN: lynx2.9.2
Index(es):
- Date
- Thread