Yep, got it working now. Thanks Jing! > On Oct 28, 2024, at 2:39 PM, Jing Luo <jing@jing.rocks> wrote: > > On 2024-10-29 05:28, Mark Adler via cfarm-users wrote: >> Thanks Jing! Liking all them BSDs. >> While sshing to cfarm420..430, all of them work fine for me _except_ >> cfarm426. For that one I get: >> Permission denied (publickey,gssapi-keyex,gssapi-with-mic). >> For anyone here, why might that be? > > Hi there, it looks like your RSA key is very short: > > Oct 28 20:16:27 cfarm426 sshd[4173718]: Connection from 108.226.420.69 port > 62959 on 192.168.4.26 port 22426 rdomain "" > Oct 28 20:16:31 cfarm426 sshd[4173718]: refusing RSA key: Invalid key length > [preauth] > Oct 28 20:16:31 cfarm426 sshd[4173718]: Connection closed by authenticating > user madler 108.226.420.69 port 62959 [preauth] > > Looks like Rocky and other RHEL cousins have this global config file requires > the RSA key length to be at least 2048, while the OpenSSH default is 1024: > > /etc/crypto-policies/back-ends/opensshserver.config > > ... > PubkeyAcceptedAlgorithms > ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-...@openssh.com,sk-ecdsa-sha2-nistp...@openssh.com,sk-ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519,ssh-ed25519-cert-...@openssh.com,sk-ssh-ed25...@openssh.com,sk-ssh-ed25519-cert-...@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-...@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-...@openssh.com > ... > RequiredRSASize 2048 > > -- > Jing Luo > About me: https://jing.rocks/about/ > GPG Fingerprint: 4E09 8D19 00AA 3F72 1899 2614 09B3 316E 13A1 1EFC
_______________________________________________ cfarm-users mailing list cfarm-users@lists.tetaneutral.net https://lists.tetaneutral.net/listinfo/cfarm-users
