On Mi, Jul 17, 2019 at 12:14:36 +0200, Pierre Frenkiel wrote:
have When trying a passwordless connection via ssh, I have now the message:id_dsa - not in PubkeyAcceptedKeyTypes although it is actually in /etc/ssh/sshd_config
According to the buster manpage of sshd_config: PubkeyAcceptedKeyTypesSpecifies the key types that will be accepted for public key authentication as a list of comma-separated patterns. Alternately if the specified value begins with a ‘+’ character, then the specified key types will be appended to the default set instead of replacing them. If the specified value begins with a ‘-’ character, then the specified key types (including wildcards) will be removed from the default set instead of re‐
placing them. The default for this option is:
ecdsa-sha2-nistp256-cert-...@openssh.com,
ecdsa-sha2-nistp384-cert-...@openssh.com,
ecdsa-sha2-nistp521-cert-...@openssh.com,
ssh-ed25519-cert-...@openssh.com,
rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com,
ssh-rsa-cert-...@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
The list of available key types may also be obtained using "ssh -Q key".
So there is nothing for dsa, only ecdsa.
The default list in stretch is shorter but doesn’t have a dsa type
either.
Shade and sweet water!
Stephan
--
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |
smime.p7s
Description: S/MIME cryptographic signature
