[cfarm-users] [cfarm-announces] A new /home for cfarm23 and cfarm91
Jeffrey Walton
noloader at gmail.com
Thu Jan 11 03:26:33 CET 2024
On Wed, Jan 10, 2024 at 9:14 PM Vincent Lefevre via cfarm-users
<cfarm-users at lists.tetaneutral.net> wrote:
>
> On 2024-01-10 18:02:14 -0800, Paul H. Hargrove wrote:
> > It might just be you, Vincent.
> >
> > I am logged in to cfarm23 right now, copying files from /oldhome
> > So it *is* possible to log in.
>
> This is strange. I can log in on other machines, including the new
> cfarm29.cfarm.net, but not cfarm23.cfarm.net. With "ssh -v", I can
> see that the right key is picked up. But then I get
>
> debug1: send_pubkey_test: no mutual signature algorithm
>
> for cfarm23 instead of the usual
>
> debug1: Server accepts key: [...]
>
> This is an ssh-rsa key.
>
> For cfarm91.cfarm.net, it takes several dozens of seconds to get
> the "debug1: Server accepts key: [...]" line, and several dozens
> of seconds again until I get the prompt.

OpenSSH tightened up RSA key usage in both 9.2 and 9.1. RSA moduli
need to meet a minimum length, and use RSA/SHA256 nowadays. Small RSA
moduli will cause trouble, as will RSA/SHA1 usage. Also see
<https://www.openssh.com/releasenotes.html>.

Use ecdsa and ed25519 keys nowadays.

My authorized_keys file includes ed25519, ecdsa and rsa. My config
prefers the newer algorithms:

    $ cat ~/.ssh/config
    ...
    Host *.fsffrance.org fsffrance.org
        User noloader

    Host *.cfarm.net cfarm.net
        User noloader
    ...
    Host *
        User jwalton
        # Identities are tried in order
        IdentityFile ~/.ssh/id_ed25519
        IdentityFile ~/.ssh/id_ecdsa
        IdentityFile ~/.ssh/id_rsa
        Protocol 2
        PreferredAuthentications publickey,password

Jeff
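
As an added example (not part of the original message, and not OpenSSH code), this Python sketch audits authorized_keys lines in the spirit of the advice above: it reports each key's type and, for ssh-rsa keys, the modulus length read from the key blob. The 2048-bit floor, the function names and the sample keys are assumptions constructed for illustration.

```python
import base64

KEY_TYPES = {"ssh-ed25519", "ssh-rsa"} | {"ecdsa-sha2-nistp%d" % c for c in (256, 384, 521)}

def read_string(buf, off):
    """Read one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def audit_line(line, min_rsa_bits=2048):  # 2048 is an assumed policy floor
    """Return (key_type, rsa_bits or None, verdict) for one authorized_keys line."""
    fields = line.split()
    # Options (e.g. no-pty) may precede the key type, so search for it.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        return (None, None, "unrecognised")
    key_type = fields[idx]
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        inner, off = read_string(blob, 0)
        if inner != key_type.encode():      # label and blob must agree
            return (key_type, None, "type-mismatch")
        if key_type != "ssh-rsa":
            return (key_type, None, "ok")
        _e, off = read_string(blob, off)    # public exponent
        n, off = read_string(blob, off)     # modulus
    except ValueError:                      # also covers base64 decoding errors
        return (key_type, None, "malformed")
    bits = int.from_bytes(n, "big").bit_length()
    return (key_type, bits, "rsa-ok" if bits >= min_rsa_bits else "rsa-too-short")

def audit(text, min_rsa_bits=2048):
    return [audit_line(l, min_rsa_bits) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def make_sample_line(key_type, *parts):  # constructed sample data, not real keys
    raw = b"".join(len(p).to_bytes(4, "big") + p for p in (key_type.encode(), *parts))
    return key_type + " " + base64.b64encode(raw).decode()

def mpint(v):
    return v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading zero keeps it positive

SAMPLE = "\n".join([
    make_sample_line("ssh-ed25519", bytes(32)) + " constructed-ed25519",
    make_sample_line("ssh-rsa", mpint(65537), mpint((1 << 1023) | 1)) + " constructed-rsa-1024",
    "no-pty " + make_sample_line("ssh-rsa", mpint(65537), mpint((1 << 3071) | 1)) + " constructed-rsa-3072"])
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real file, pass its contents to `audit()` and set `min_rsa_bits` to whatever the servers you log in to require.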