Matt Johnston <m...@ucc.asn.au> [2020-07-19 11:32:56]: Hi,
> It looks like gpg-agent added support in 2.2.5. OpenSSH client 7.7 or later > will print a warning about it. > https://dev.gnupg.org/T3880 Debian 9 (EOL in June 30, 2022) has following: gpg-agent (GnuPG) 2.1.18, OpenSSH_7.4p1 Ubuntu 18.04 (EOL in April, 2023) has following: gpg-agent (GnuPG) 2.2.4, OpenSSH_7.6p1 > I don't think there's anything to change server side - the client is sending > the wrong signature type. BTW latest OpenSSH server version 8.3 works fine with those broken clients, so perhaps there is no such strict checking in place or such? > Old Dropbear worked OK because it didn't advertise rsa-sha2-256 support, so > the client didn't try it. As you can see, there are some users with broken clients which are unable to use Dropbear version > 2019.78. Dropbear is shipped by default in OpenWrt and it's likely, that the next OpenWrt relase will ship with Dropbear version >= 2020.80 and users with those broken clients wouldn't be able to SSH into their devices after the upgrade. Nonethless I've closed the PR and we'll just keep this workaround for those broken clients in our tree. -- ynezz _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
