From nobody Sat Feb 10 06:28:00 2024 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TX14c27HGz592Pk for ; Sat, 10 Feb 2024 06:28:16 +0000 (UTC) (envelope-from walterp@gmail.com) Received: from mail-yw1-x112c.google.com (mail-yw1-x112c.google.com [IPv6:2607:f8b0:4864:20::112c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TX14Z112hz4Dv9 for ; Sat, 10 Feb 2024 06:28:14 +0000 (UTC) (envelope-from walterp@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-yw1-x112c.google.com with SMTP id 00721157ae682-604819d544cso17116047b3.1 for ; Fri, 09 Feb 2024 22:28:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1707546492; x=1708151292; darn=freebsd.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=hP32g8FOfSamuxd5uv34QIjRSgOzoyfs1E0uWxcgqUk=; b=WwWg86s/MSsrbbKfHUfNfnEpMiEEOOP6aOqSBi/8HNZPyzfUY36WBs0ZjLS10Uw879 31JscqKu8dUT6tg1YKaVL/z5VjtCYPRcF4UkO0tGldSNPHiogik/+CASnBsdy7Ipq1Y7 8gObFdwLRzf/5tCBy/e5GdqDLvedGV79X16ExBdmH0L+wX+E2xy/FXgt7jLMTskzj3+U 7pKCXsnMzjaMcEgajy78Qy79oC9iIHi+sdMuvNVKauGq/SNimdyA/9lvCjNxPRRaHxYe QlL2kuVLAAyI4BmR1Z8ZPh2SRndAoXBJp37LNFBvDUeC+p2Wb9H1omyWjVnIseOGz/2U ThEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707546492; x=1708151292; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hP32g8FOfSamuxd5uv34QIjRSgOzoyfs1E0uWxcgqUk=; b=jyQnvJekRZLdEoLyR2kcrsCy3SRux6Zd/XJUFC7u2eFAdbmUqpAv6XeuPUTylFlOul kqXEab7AyrEZbcrTSpEUEP1IkhsreJbttR8eWIAFO8pH0sSlOH14CIEoKPdRO8ZlGbGZ JOyNjApgsw8GDgZC/tw/OsBOcAOch+OB6c2TLUSaHy+fZo1dN7Kr4nTuvzAuw3NgwNzh 94Mya7quJxrD3AhDftYW8L2eSTBa7Gc4qytaVzuJn0m91QF2YKeFcIsuJJboIsDzIq/o 4hITnZr3vPfIYqUaMelDkq6l3QcMn6LdmAc8QtrtTUEswQpFsCr/gb3Rnloa0mZIXaxD zUzQ== X-Gm-Message-State: AOJu0YyXV/6gn6HHTnlf9WNF/yT9N6iiDyYC+CqrHh5BlBhQ+AViXT6l QCBJ0RZIwleoAaIvQhMZnJnePeB8m4DVw18TDTb6IlReOKUd6zIlgxyVHiU98UR7BtK+mNRBOCO oK9RTDTzCOcppDpRm5VlhDYwK+68= X-Google-Smtp-Source: AGHT+IGrDqOZnIdWAz2bhQOaPJXFh9yi2cd5gpGKwkH33gbRBgq0MXjuoXXF6YnmoJJeYejvF1QyxF7R3Prxw21+xus= X-Received: by 2002:a81:48c4:0:b0:5ef:902b:75a6 with SMTP id v187-20020a8148c4000000b005ef902b75a6mr1334040ywa.20.1707546491882; Fri, 09 Feb 2024 22:28:11 -0800 (PST) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 References: <296848ac-9121-4b9b-a514-6da8ed2d3af1@menhennitt.com.au> In-Reply-To: <296848ac-9121-4b9b-a514-6da8ed2d3af1@menhennitt.com.au> From: Walter Parker Date: Fri, 9 Feb 2024 22:28:00 -0800 Message-ID: Subject: Re: putty from Windows to FreeBSD 14.0 says "Server refused our key" To: Graham Menhennitt Cc: freebsd-questions@freebsd.org Content-Type: multipart/alternative; boundary="0000000000001617b406110126e6" X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4TX14Z112hz4Dv9 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated --0000000000001617b406110126e6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I=E2=80=99d have to go look, but the most recent versions of openSSH got ri= d of some of older signature algorithms from the default configuration. FreeBSD picked up those new changes. Depending on which version of 13 you have, it might have an older version of openSSH that still has RSA in the default configuration. Walter The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandei= s On Fri, Feb 9, 2024 at 10:04=E2=80=AFPM Graham Menhennitt wrote: > Hello list, > > I have a box that I recently upgraded to FreeBSD 14.0. It all appears to > be working ok except for one thing. When I attempt to use Putty on > Windows to connect to it using SSH, I get an error "Server refused our > key" and it drops back to password authentication. I have not modified > sshd_config from the default. > > I've used this same key for many years from Putty and from other FreeBSD > boxes. It still works successfully from FreeBSD 13 to FreeBSD 14, but > not from Putty to FreeBSD 14. > > In auth.log on the FreeBSD 14 box, I can see that it says > "userauth_pubkey: signature algorithm ssh-rsa not in > PubkeyAcceptedAlgorithms [preauth]". So, I guess that I could fix this > by modifying sshd_config, but I don't understand why it works from > FreeBSD 13 but not Putty. > > Something that may be related (but I'm not sure). When I use password > authentication from Putty, it appears that it doesn't read my .bashrc. > When I login from FreeBSD 13, it does read .bashrc. > > Does anybody have any clues, please. > > Thanks in advance, > > Graham > > > > --0000000000001617b406110126e6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I=E2=80=99d have to go look, but the most recent versions= of openSSH got rid of some of older signature algorithms from the default = configuration. FreeBSD picked up those new changes. Depending on which vers= ion of 13 you have, it might have an older version of openSSH that still ha= s RSA in the default configuration.


Walter

The greatest= dangers to liberty lurk in insidious encroachment by men=C2=A0of zeal, wel= l-meaning but without understanding. =C2=A0 -- Justice Louis D.=C2=A0Brande= is


On Fri, Feb 9, 2024 at 10:04=E2=80= =AFPM Graham Menhennitt <gra= ham@menhennitt.com.au> wrote: