OPNsense Forum
Topic started by: Joe on December 17, 2015, 09:19:17 pm
-
Hello,
I can't log in to OPNsense via ssh because of:
userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Have I missed some important weakness of the DSA algorithm?
-
Kind of. OpenSSH 7.0 deprecated DSA; it must be enabled in the config, which at this point changed the behaviour of our implementation. There's no way to re-enable DSA (ssh-dss) other than reworking the config write in the file /usr/local/etc/rc.sshd (which is lost on firmware updates). Feel free to send a feature request through GitHub; key selection might be of interest if there really is no alternative to migrating away from DSA keys.
http://www.openssh.com/legacy.html
-
Thanks for the info.
It appears that DSA keys are inherently insecure, so it's better not to activate them.
-
Okay, sounds good. :)
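
Added example, not part of the forum thread or of OPNsense's code: a shell audit that lists the key type of each authorized_keys entry and flags ssh-dss entries, the ones that trigger the "not in PubkeyAcceptedKeyTypes" rejection quoted above. The function names and the sample keys (truncated, constructed blobs) are assumptions for illustration; escaped quotes inside option values are not handled.

```shell
#!/bin/sh
# sample_keys: constructed authorized_keys content (key blobs are fake, truncated).
sample_keys() {
    cat <<'EOF'
# constructed sample file
ssh-dss AAAAB3NzaC1kc3MAAACBexample joe@old-laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5example joe@new-laptop
from="10.0.0.0/8",command="echo ssh-dss" ssh-rsa AAAAB3NzaC1yc2Eexample backup@nas
EOF
}

# audit_keys [FILE]: reads FILE (or stdin) and prints "LINE TYPE STATUS COMMENT"
# for every key entry. Exit status is 1 if any ssh-dss entry exists, else 0.
audit_keys() {
    awk '
    BEGIN { bad = 0 }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        line = $0
        gsub(/"[^"]*"/, "", line)        # drop quoted option values (may contain spaces)
        n = split(line, f)               # default split: runs of blanks
        type = ""; comment = "-"
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                type = f[i]
                if (i + 2 <= n) comment = f[i + 2]
                break
            }
        }
        if (type == "") { printf "%d unknown SKIP -\n", NR; next }
        status = "OK"
        if (type == "ssh-dss") { status = "REJECTED"; bad = 1 }
        printf "%d %s %s %s\n", NR, type, status, comment
    }
    END { exit bad }
    ' "${1:--}"
}

# Demo on the constructed sample; point audit_keys at a real file to use it.
sample_keys | audit_keys ||
    echo "DSA entries found: replace them with a new key, e.g. ssh-keygen -t ed25519"
```

Entries marked REJECTED are the ones to replace before relying on an OpenSSH 7.0 or later server with default settings.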