Ares <a...@riseup.net> wrote: > On Fri, Oct 22, 2021 at 08:56:13AM -0600, Theo de Raadt wrote: > >Emiel Kollof <em...@kollof.nl> wrote: > > > >> Ivo Chutkin schreef op vr 22-10-2021 om 15:23 [+0300]: > >> > Hello all, > >> > > >> > I am unable to log in with Pubkey after upgrade to 7.0 > >> > > >> > I can log in with user/password. > >> > > >> > What i get in the log is: > >> > > >> > Oct 22 15:10:01 sklad sshd[88986]: userauth_pubkey: key type ssh-rsa > >> > >> See https://www.openssh.com/releasenotes.html > >> > >> Suggested workaround in your ssh config: > >> > >> Host old-host > >> HostkeyAlgorithms +ssh-rsa > >> PubkeyAcceptedAlgorithms +ssh-rsa > > > >Please stop telling people to work around it. We removed ssh-rsa for > >a damn good reason. > > > >Do you still use a horse buggy to visit the grocery store? > > > > While I'm not arguing with your damn good reasons for taking such > actions. We don't always have the luxury of having the necessary > permission to update the other side of a connection. Also yes, in my > hometown of Lancaster plenty of people still take a horse buggy to get > groceries.
Yes, you do have the luxury of upgrading the clients because this change is *NOT NEW*, newer key methods are over five years old. Those older clients have other bugs. Generally not security related. Perhaps we can only hope those people running such older clients get holed. Then they will update them to resolve the ssh-rsa problem. Fair, right?
