Date: Tue, 22 Nov 2016 10:47:17 -0500 From: Allan Jude <allanjude@freebsd.org> To: freebsd-current@freebsd.org Subject: Re: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port yyyyy: Permission denied Message-ID: <2b9b6473-fc17-3aad-ee1a-4c20b340ec00@freebsd.org> In-Reply-To: <201611220737.uAM7bMSY072062@kx.openedu.org> References: <201611220737.uAM7bMSY072062@kx.openedu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --CXdVfMotnbxOCoC2X88lnEMiI1ncQONlt Content-Type: multipart/mixed; boundary="oPpWlJaaXNbqBW8tJLlJMgqekJtn2cvH1"; protected-headers="v1" From: Allan Jude <allanjude@freebsd.org> To: freebsd-current@freebsd.org Message-ID: <2b9b6473-fc17-3aad-ee1a-4c20b340ec00@freebsd.org> Subject: Re: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port yyyyy: Permission denied References: <201611220737.uAM7bMSY072062@kx.openedu.org> In-Reply-To: <201611220737.uAM7bMSY072062@kx.openedu.org> --oPpWlJaaXNbqBW8tJLlJMgqekJtn2cvH1 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2016-11-22 02:37, KIRIYAMA Kazuhiko wrote: > Hi, all >=20 > I've updated to HEAD(r308871) at 2 days ago, and also ports > too(r426562). Then all stuffs including applications have > been updated and tried to slogin to this host,but can't > connect with the message `userauth_pubkey: key type ssh-dss > not in PubkeyAcceptedKeyTypes [preauth]' in > /var/log/auth.log. I found new OpenSSH-7.* has not been > supported DSA and to connect from client with old ssh(lower > than OpenSSH-7.0),set `ssh-dss' or some values set to > relevant variables in /etc/ssh/sshd_config. According to [1] > and [2] I've set these variables as below: >=20 > PubkeyAcceptedKeyTypes=3D+ssh-dss > HostKeyAlgorithms=3D+ssh-dss > KexAlgorithms=3D+diffie-hellman-group-exchange-sha256 >=20 > and successfully slogined: >=20 snip >=20 > And with the message `fatal: Fssh_packet_write_poll: > Connection from xxx.xxx.xx.xx port yyyyy: Permission denied' > in /var/log/auth.log: >=20 >=20 > Nov 22 16:07:51 kx sshd[73878]: Accepted publickey for admin from xxx.x= xx.xx.xx port 64147 ssh2: DSA SHA256:6uPsONRWeNkYjlj9BU4GZYUUeH60ZbUCB25j= olvrvj8 > Nov 22 16:07:51 kx sshd[73880]: fatal: Fssh_packet_write_poll: Connecti= on from xxx.xxx.xx.xx port 64147: Permission denied >=20 >=20 > Is there any suggesions? > My environments are as follows: >=20 > - Server: >=20 > admin@kx:~ % uname -a > FreeBSD kx.truefc.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13 r308871M: S= un Nov 20 15:51:21 JST 2016 admin@kx.truefc.org:/usr/obj/usr/src/sys/= XIJ amd64 > admin@kx:~ % ssh -V > OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd 26 Sep 2016 > admin@kx:~ %=20 >=20 > - Client: >=20 > kiri@kazu:~[995]% uname -a > FreeBSD kazu.pis 9.2-STABLE FreeBSD 9.2-STABLE #5 r259404M: Mon Dec 16 = 00:12:52 JST 2013 admin@kazu.pis:/usr/obj/usr/src/sys/GENERIC amd64 > kiri@kazu:~[996]% ssh -V > OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013 > kiri@kazu:~[997]%=20 >=20 >=20 > Best regards. >=20 >=20 > [1] https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-k= eys.html > [2] https://lists.freebsd.org/pipermail/freebsd-current/2016-August/062= 853.html >=20 > --- > KIRIYAMA Kazuhiko > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.o= rg" >=20 Newer versions of OpenSSH, like the one shipped in 11.0 and 12-current, do not accept DSA keys anymore. You will need to use RSA keys, or the newer ECDSA or ED25519 key types. --=20 Allan Jude --oPpWlJaaXNbqBW8tJLlJMgqekJtn2cvH1-- --CXdVfMotnbxOCoC2X88lnEMiI1ncQONlt Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJYNGiIAAoJEBmVNT4SmAt+5z8P/jdheApIM57VbOWurVh283ih qT1QlNDFSlikYGGD3SuDi38HtehRaIzNi8035EmlbNpAtyl8blM+VXIPCX+KfffR OH4rcnloQtXOcFDct1Yh5H8dQp6hbbm1XQoz+2s9v+W4VXFoUC0diQ6dZLqqqoIL fUbfit6Yf0+t8qpJ9EcGOfDnpN/fwPKgdcYpWzacxGcOncR5bsXHyC+TUralWN3Z vjN+vtvh/VnZ6H7gbGcCHxkGVcZsjUBohan9HzuJySFdadJ36wnAlj/gqXJMwQC7 AC+wsg3CHENhi/PJqTchIv+5Zt+eoIyWHRJS/VEKHgc4x4h5hNpAAMQDWuYSeI7n /jmJWbWCADRxQi8jBCpKBwpRzIM40CRzvN2U+5HegEEe0MTYC+g+Y4TyMSmR0AsW BJ9hup2QI92Lan7naR9ptxIT7GbLCcjB4J/EFfrUdhMgBHm1RATXR3HwVz0wTcmb Tm7goIrpCwrTmG1Eo0/cDY09K2WKc2FRERzo5yndmnVT6amvA+1eyd6C2nOKM80N S3XAZ12/3V5t/dtvjk9hR6ECUPYsohk04tTrYWhutP7kdwBuLCR71Gsi2MVXxIyH dtIyZw3l/ismLs3uzDXdx06lAzxcj1/CkwNRkRt35b+5an0pCuV+mykQrM4Oa85O f2OSKDolcpH/hRRfK1uc =xy4v -----END PGP SIGNATURE----- --CXdVfMotnbxOCoC2X88lnEMiI1ncQONlt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2b9b6473-fc17-3aad-ee1a-4c20b340ec00>