On 2025-01-11, Vagrant Cascadian wrote: > On 2023-04-06, John Scott wrote: >> It seems bugs #998728, 1008573, and #1032907 are all the same. Perhaps >> the maintainers would like to merge them. >> >> Thanks for your workaround, Vagrant; I found that adding >> KexAlgorithms -sntrup761x25519-sha...@openssh.com >> to my ~/.ssh/config allows me to connect to a Bookworm machine, from >> Bookworm, and also to hosts running a newer OpenSSH daemon. > > With the recent update of openssh in bookworm (1:9.2p1-2+deb12u4) this > no longer seems a sufficient workaround; I can no longer ssh in to > machines running this version of openssh. > > My hunch is the problem was introduced in a new and exciting way with: > > https://bugs.debian.org/1088873 > openssh: please add sntrup761x25519-sha512 as an alias to > sntrup761x25519-sha...@openssh.com in 9.2/Bookworm > > Specifying both in ~/.ssh/config does not work around the issue for me: > > KexAlgorithms -sntrup761x25519-sha...@openssh.com,-sntrup761x25519-sha512
I just confirmed that downgrading to openssh-server 1:9.2p1-2+deb12u3 does work again on at least one machine. live well, vagrant
signature.asc
Description: PGP signature
