openssh 8.8 breaks login to Canonical servers
Bug #1961833 reported by
Julian Andres Klode
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
With 8.7p1-4 connecting to wendigo
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jak/
debug1: Server accepts key: /home/jak/
With 8.8p1-1
debug1: Offering public key: /home/jak/
debug1: send_pubkey_test: no mutual signature algorithm
Needs further investigation, but blocks people a bit right now
tags: | added: rls-jj-incoming |
To post a comment you must log in.
It says
Incompatibility is more likely when connecting to older SSH lgorithms
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedA
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:
Host old-host
HostkeyAlgorit hms +ssh-rsa tedAlgorithms +ssh-rsa
PubkeyAccep
So this may be a server too old issue; and we can fix this in internal tooling.