Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
[SOLVED] DSA keys not accepted in ssh?
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] DSA keys not accepted in ssh? (Read 7633 times)
Joe
Newbie
Posts: 23
Karma: 0
[SOLVED] DSA keys not accepted in ssh?
«
on:
December 17, 2015, 09:19:17 pm »
Hello,
I cant login to opnsense via ssh because of:
userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
have I missed some important weakness of DSA algorithm?
«
Last Edit: December 25, 2015, 02:46:38 pm by franco
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: DSA keys not accepted in ssh?
«
Reply #1 on:
December 22, 2015, 08:33:52 am »
Kind of. OpenSSH 7.0 deprecated DSA, it must be enabled in the config which at this point changed the behaviour of our implementation. There's no way to reenable DSA (ssh-dss) other than reworking the config write in the file /usr/local/etc/rc.sshd (which is lost on firmware updates). Feel free to send a feature request through GitHub, key selection might be of interest if there really is no alternative to migrating away from DSA keys.
http://www.openssh.com/legacy.html
Logged
Joe
Newbie
Posts: 23
Karma: 0
Re: DSA keys not accepted in ssh?
«
Reply #2 on:
December 25, 2015, 12:49:16 pm »
Thanks for the info.
It appears that DSA keys are inherently insecure, so it's better not to activate them.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] DSA keys not accepted in ssh?
«
Reply #3 on:
December 25, 2015, 02:46:58 pm »
Okay, sounds good.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
[SOLVED] DSA keys not accepted in ssh?