[OmniOS-discuss] OmniOS r151016 is now out!
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Fri Nov 20 20:54:11 UTC 2015
I encountered an additional issue with OpenSSH. The issues related to
updating to OpenSSH 7.0+ are described at
http://www.openssh.com/legacy.html. The problem I ran into was that
existing user keys of type 'ssh-dss' are not accepted. The
work-around offered on that page (a client setting) is useless since
the problem is on the server side.
I just achieved success using this additional setting in sshd_config:
# Public keys of type ssh-dss are now considered to be insecure
PubkeyAcceptedKeyTypes +ssh-dss
Since ssh-dss keys are now considered insecure, it is necessary for
users to provide keys of an accepted type in authorized_keys, with an
associated private key. Once users have been accounted for, this
option should be disabled. I notice that ssh-rsa is still in the list
of accepted types.
Bob
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
More information about the OmniOS-discuss
mailing list