Hi Andrey, > This is not the right solution. Right solution would be to change your keys. > While DSA keys aren't inherently insecure (quite opposite), FIPS compliant > systems enforce DSA key length to 1024 bits, which is considered to be weak > nowadays. You CAN use longer DSA keys, but not all systems support it.
I created a new 2048-bit RSA key and confirmed that ssh works fine with this key & latest OpenSSH package without PubkeyAcceptedKeyTypes configuration. Thanks, Hiroyuki Kurokawa 2015-09-03 12:48 GMT+09:00 Andrey Repin <anrdae...@yandex.ru>: > Greetings, Hiroyuki Kurokawa! > >> Thanks Andrey for reply to my question. > >> George gave me an advice by a direct mail. >> And his instruction solve my problem. > >>> If you use dsa key type, you need to add to your ssh client configuration >>> file, either ~/.ssh/config or /etc/ssh_config, the following parameter: >>> >>> PubkeyAcceptedKeyTypes +ssh-dss >>> >>> If you use some other key type, then 'ssh -Q key' will list all supported >>> key types, pick the right one and put it into config file instead of >>> ssh-dss. >>> >>> I had the same problem after the last ssh upgrade. > >> Now the latest ssh works fine with ~/.ssh/config which contains >> "PubkeyAcceptedKeyTypes +ssh-dss" because a type of my key is DSA. > >> I appreciate George so much. > > This is not the right solution. Right solution would be to change your keys. > While DSA keys aren't inherently insecure (quite opposite), FIPS compliant > systems enforce DSA key length to 1024 bits, which is considered to be weak > nowadays. You CAN use longer DSA keys, but not all systems support it. > > > -- > With best regards, > Andrey Repin > Thursday, September 3, 2015 06:46:29 > > Sorry for my terrible english... > -- 黒川裕之 kurok...@gmail.com -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
