From nobody Fri Sep 10 04:41:36 2021 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 93F5317B62F0 for ; Fri, 10 Sep 2021 04:42:12 +0000 (UTC) (envelope-from freebsd@walstatt-de.de) Received: from smtp4-2.goneo.de (smtp4.goneo.de [IPv6:2001:1640:5::8:59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H5NWm3NB9z4fK0 for ; Fri, 10 Sep 2021 04:42:12 +0000 (UTC) (envelope-from freebsd@walstatt-de.de) Received: from thor.intern.walstatt.dynvpn.de (dynamic-089-012-135-018.89.12.pool.telefonica.de [89.12.135.18]) by smtp4.goneo.de (Postfix) with ESMTPSA id D866B2040D83; Fri, 10 Sep 2021 06:42:03 +0200 (CEST) Date: Fri, 10 Sep 2021 06:41:36 +0200 From: FreeBSD User To: Philipp Ost Cc: FreeBSD CURRENT Subject: Re: OpenSSH issue: 14-Current rejects non-publickey scp/ssh/rsync connectiosn all of the sudden Message-ID: <20210910064203.4f754d72@thor.intern.walstatt.dynvpn.de> In-Reply-To: <8e25f7ef-3c20-a078-4b47-81b17585df25@smo.de> References: <20210909211530.5cf712d7@thor.intern.walstatt.dynvpn.de> <8e25f7ef-3c20-a078-4b47-81b17585df25@smo.de> Organization: walstatt-de.de List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4H5NWm3NB9z4fK0 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-ThisMailContainsUnwantedMimeParts: N Am Thu, 9 Sep 2021 22:12:09 +0200 Philipp Ost schrieb: > On 9/9/21 9:15 PM, FreeBSD User wrote: > [...] > > What has changed in the recent 14-CURRENT OpenSSH update that dramatically that working > > schematics do not work any more? > > OpenSSH has been updated to v8.7p1: > > https://cgit.freebsd.org/src/commit/?id=19261079b74319502c6ffa1249920079f0f69a72 > > One of the more prominent changes is the deprecation of SHA1. > > There's some additional information here: > https://lists.freebsd.org/archives/freebsd-hackers/2021-September/000289.html > > HTH > Philipp > I was and I'm aware of the published changes and deprecating SHA1 would imply non-use of SHA1-based public keys. But public key authentication works fine, for pure ssh and ssh-based rsync (scp untested). Password authentication doesn't work anymore either for pure ssh, scp and rsync. I can not find any hints to dramatic changes to that and this authentication scheme doesn't even work with the standard/vanilla sshd_config for the 14-CURRENT server side. And beware: this problem is present only in relations, were recent 14-CURRENT is the ssh server. oh -- O. Hartmann