This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Sshd behaving strangely...
- From: Andrey Repin <anrdaemon at yandex dot ru>
- To: Zdzislaw Meglicki <zdzisiekm at sbcglobal dot net>, cygwin at cygwin dot com
- Date: Mon, 7 Sep 2015 00:40:05 +0300
- Subject: Re: Sshd behaving strangely...
- Authentication-results: sourceware.org; auth=none
- References: <1536135967 dot 1623711 dot 1441554363665 dot JavaMail dot yahoo at mail dot yahoo dot com>
- Reply-to: cygwin at cygwin dot com
Greetings, Zdzislaw Meglicki!
Please teach your mail agent to not break threading. Thank you in advance.
>> OpenSSH 7.0 (and thus the current 7.1) deprecated a couple
>> of old and insecure ciphers. Probably that's the reason.
> Well, what I mean is that it is strange that sshd-7.1p1-1 accepts
> a connection from ssh-3.9p1, upon announcing that the "key type ssh-dss
> [is] not in PubkeyAcceptedKeyTypes," and lets the user in having accepted
> the password,
Likely explanation is that you've tried to connect using private DSA key,
which server rejected and subsequently asked for a password.
> yet rejects connection from ssh-6.8p1-1 not even allowing
> for the presentation of a password, and claims that "seteuid operation
> [is] not permitted."
This is a different issue, judging from the error message.
Without more data from both sides it is impossible to tell for certain, whats
going on.
A verbose log of the same connection from both server and client may help.
> Why was the operation permitted when the key was not in
> PubkeyAcceptedKeyTypes?
> This seems to me to be a security bug.
More like you are not telling us a whole story.
> And I still wonder how to configure sshd to allow normal connections
> with accepted key types, any documentation out there that would help?
Sorry, what? It do work like that out of the box.
--
With best regards,
Andrey Repin
Monday, September 7, 2015 00:33:31
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple