[cfarm-users] cfarm210 now with FractalKit packages
Freya Fractal
saoirse at axiom-networks.org
Sat Jan 3 01:19:14 CET 2026
there's no reason to permit ssh-rsa access to a machine like that, when
all the folks accessing it will almost certainly be running newer ssh
clients. The only reason ssh-rsa was required was because SunSSH was
ancient, and SunSSH is now no longer running. I have tested Debian 12,
and Debian 12 can now connect. I can add ssh-rsa if it is really needed,
but I'd like to see a reasoning before I lower the security of that
machine that far
On 1/2/2026 16:08, mirabilos via cfarm-users wrote:
> Freya Fractal via cfarm-users dixit:
>
>> yeah I can add some more permissive modes to it,. gimme a bit.
> You’ll need to add…
>
> HostKeyAlgorithms +ssh-rsa
> PubkeyAcceptedKeyTypes +ssh-rsa
>
> … to /etc/ssh/sshd_config (*BEFORE* the Match blocks),
> at the very least (although this shouldn’t have been a
> problem for a Debian 12 client, but others need it).
>
> bye,
> //mirabilos
>
> PS: Corresponding ~/.ssh/config or /etc/ssh/ssh_config setup,
> for those in need (too-new client with older server):
> Host *
> HostKeyAlgorithms +ssh-rsa
> PubkeyAcceptedKeyTypes +ssh-rsa
More information about the cfarm-users
mailing list