[SOLVED] DSA keys not accepted in ssh?

Started by Joe, December 17, 2015, 09:19:17 PM

December 17, 2015, 09:19:17 PM Last Edit: December 25, 2015, 02:46:38 PM by franco
Hello,

I can't log in to OPNsense via ssh because of:

   userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

Have I missed some important weakness of the DSA algorithm?


Kind of. OpenSSH 7.0 deprecated DSA; it must be enabled in the config, which at this point changed the behaviour of our implementation. There's no way to re-enable DSA (ssh-dss) other than reworking the config write in the file /usr/local/etc/rc.sshd (which is lost on firmware updates). Feel free to send a feature request through GitHub; key selection might be of interest if there really is no alternative to migrating away from DSA keys.

http://www.openssh.com/legacy.html

Thanks for the info.

It appears that DSA keys are inherently insecure, so it's better not to activate them.
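
An added example (not part of the thread and not OPNsense code): a shell function that lists the ssh-dss entries in an authorized_keys-format file, which are the keys the `userauth_pubkey` error above rejects, so they can be replaced before a login fails. The function names, sample file and key blobs are constructed for illustration, and only the common key type names are recognised.

```shell
#!/bin/sh
# Added example. Key blobs below are constructed placeholders, not real keys.

# find_dsa_keys FILE
#   Prints "LINE KEYTYPE COMMENT" for each ssh-dss entry in an
#   authorized_keys-format file. Returns 1 if any were found, else 0.
find_dsa_keys() {
    awk '
    /^[ \t]*#/ { next }                 # comment line
    /^[ \t]*$/ { next }                 # blank line
    {
        line = $0
        # Blank out quoted option values (from="...", command="...") so
        # spaces or key-type names inside them are not read as fields.
        gsub(/"([^"\\]|\\.)*"/, "\"\"", line)
        n = split(line, f, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            # First field naming a common key type marks the start of the key.
            if (f[i] ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                if (f[i] == "ssh-dss") {
                    printf "%d %s %s\n", NR, f[i], (i + 2 <= n ? f[i + 2] : "-")
                    found = 1
                }
                break
            }
        }
    }
    END { exit found + 0 }
    ' "$1"
}

# write_sample FILE: constructed authorized_keys content for the demo.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
ssh-dss AAAA_CONSTRUCTED_1 joe@laptop
ssh-ed25519 AAAA_CONSTRUCTED_2 joe@desktop
from="10.0.0.0/8",command="echo ssh-rsa decoy" ssh-dss AAAA_CONSTRUCTED_3 backup@nas
command="echo ssh-dss decoy" ssh-rsa AAAA_CONSTRUCTED_4 deploy@ci
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_dsa_keys "$sample" || echo "DSA keys found: replace them (e.g. ssh-keygen -t ed25519)"
rm -f "$sample"
```

Run it against each account's `~/.ssh/authorized_keys` (or wherever the appliance stores the configured keys) before upgrading to a release that ships OpenSSH 7.0 or later.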