On Wed, Jan 10, 2024 at 9:14 PM Vincent Lefevre via cfarm-users <cfarm-users@lists.tetaneutral.net> wrote: > > On 2024-01-10 18:02:14 -0800, Paul H. Hargrove wrote: > > It might just be you, Vincent. > > > > I am logged in to cfarm23 right now, copying files from /oldhome > > So it *is* possible to log in. > > This is strange. I can log in on other machines, including the new > cfarm29.cfarm.net, but not cfarm23.cfarm.net. With "ssh -v", I can > see that the right key is picked up. But then I get > > debug1: send_pubkey_test: no mutual signature algorithm > > for cfarm23 instead of the usual > > debug1: Server accepts key: [...] > > This is a ssh-rsa key. > > For cfarm91.cfarm.net, it takes several dozens of seconds to get > the "debug1: Server accepts key: [...]" line, and several dozens > of seconds again until I get the prompt.
OpenSSH tightened up RSA key usage in both 9.2 and 9.1. RSA moduli need to meet a minimum length, and use RSA/SHA256 nowadays. Small RSA moduli will cause trouble, as will RSA/SHA1 usage. Also see <https://www.openssh.com/releasenotes.html>. Use ecdsa and ed25519 keys nowadays. My authorized_keys file includes ed25519, ecdsa and rsa. My config prefers the newer algorithms: $ cat ~/.ssh/config ... Host *.fsffrance.org fsffrance.org User noloader Host *.cfarm.net cfarm.net User noloader ... Host * User jwalton # Identities are tried in order IdentityFile ~/.ssh/id_ed25519 IdentityFile ~/.ssh/id_ecdsa IdentityFile ~/.ssh/id_rsa Protocol 2 PreferredAuthentications publickey,password Jeff _______________________________________________ cfarm-users mailing list cfarm-users@lists.tetaneutral.net https://lists.tetaneutral.net/listinfo/cfarm-users
