[cfarm-users] New aarch64 hardware in Japan

[Jing Luo]

On 2024-10-29 05:28, Mark Adler via cfarm-users wrote:
> Thanks Jing! Liking all them BSDs.
> 
> While sshing to cfarm420..430, all of them work fine for me _except_
> cfarm426. For that one I get:
> 
> Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
> 
> For anyone here, why might that be?

Hi there, it looks like your RSA key is very short:

Oct 28 20:16:27 cfarm426 sshd[4173718]: Connection from 108.226.420.69 
port 62959 on 192.168.4.26 port 22426 rdomain ""
Oct 28 20:16:31 cfarm426 sshd[4173718]: refusing RSA key: Invalid key 
length [preauth]
Oct 28 20:16:31 cfarm426 sshd[4173718]: Connection closed by 
authenticating user madler 108.226.420.69 port 62959 [preauth]

Looks like Rocky and other RHEL cousins have this global config file 
requires the RSA key length to be at least 2048, while the OpenSSH 
default is 1024:

/etc/crypto-policies/back-ends/opensshserver.config

...
PubkeyAcceptedAlgorithms 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519,ssh-ed25519-cert-v01 at openssh.com,sk-ssh-ed25519 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01 at openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01 at openssh.com
...
RequiredRSASize 2048

-- 
Jing Luo
About me: https://jing.rocks/about/
GPG Fingerprint: 4E09 8D19 00AA 3F72 1899 2614 09B3 316E 13A1 1EFC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://lists.tetaneutral.net/pipermail/cfarm-users/attachments/20241029/eceba90e/attachment.sig>