https://bugzilla.mindrot.org/show_bug.cgi?id=3824
Darren Tucker <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #3 from Darren Tucker <[email protected]> --- (In reply to Martin-Éric RACINE from comment #2) [...] > I'm asking, because I need to check why authentication suddenly > fails for a host and the information provided by -vvv is too > abstract. I suspect that the key exchange or host key algorithms > might have changed on the remote, Failure to negotiate key exchange or hostkey algorithms should be fairly clear: $ /usr/bin/ssh -o hostkeyalgorithms=ssh-dss localhost Unable to negotiate with 127.0.0.1 port 22: no matching host key type found. Their offer: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 $ /usr/bin/ssh -o kexalgorithms=diffie-hellman-group1-sha1 localhost Unable to negotiate with 127.0.0.1 port 22: no matching key exchange method found. Their offer: mlkem768x25519-sha256,sntrup761x25519-sha512,[email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,[email protected] > and I was hoping for a command > option that prints only that i.e. something like "ssh -Q" but able > to query the remote, rather than what the local "ssh" binary > supports. Mismatches in PubkeyAcceptedAlgorithms on the server side will be less obvious to the client. As a general rule sshd won't disclose the reasons for authentication failures to unauthenticated connections, so generally this kind of thing will only be available in the server-side debugging. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
