From nobody Sat Feb 10 06:36:49 2024 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TX1GZ0QRLz593RN for ; Sat, 10 Feb 2024 06:36:54 +0000 (UTC) (envelope-from graham@menhennitt.com.au) Received: from seagreen.cherry.relay.mailchannels.net (seagreen.cherry.relay.mailchannels.net [23.83.223.160]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4TX1GX5LHrz4Hjd for ; Sat, 10 Feb 2024 06:36:52 +0000 (UTC) (envelope-from graham@menhennitt.com.au) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=menhennitt.com.au header.s=dreamhost header.b=ZTx8WYYj; dmarc=none; arc=pass ("mailchannels.net:s=arc-2022:i=1"); spf=pass (mx1.freebsd.org: domain of graham@menhennitt.com.au designates 23.83.223.160 as permitted sender) smtp.mailfrom=graham@menhennitt.com.au X-Sender-Id: dreamhost|x-authsender|graham@menhennitt.com.au Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 8EE2783CD6 for ; Sat, 10 Feb 2024 06:36:51 +0000 (UTC) Received: from pdx1-sub0-mail-a202.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 58E6983900 for ; Sat, 10 Feb 2024 06:36:50 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1707547010; a=rsa-sha256; cv=none; b=fm3dDf2uVJT0Zo2o8zB1cJ4GW2m97Tv1szrN3DaO1ZOeqM4wGRmQMUouinKI/VysQYhUsg BhDuQ7joQzaFrmVH1H/acWHqgorDRALlHO8X44dMiix9yC8l9maeHQV2gnti9H0CnPjeFK lmz9DzuTAHn9AMIqiHjnDXDEAGfsWBcTddMO8VG/7sCg2UJPfM9TRNfVxmhrCu0iPz2fOV ewnPWfjGbTtCC+viAT39T7rNaLppHLeQLdnZ+oEdvHCfwHS2qVPjn5CV2qSDTCzRP3wA8u zaC6F5tdZJ6ZB/c9/NMLAahsqfsRBd/NhUa5NH9VsG5nhw7i4pJ+7RHKXyrR2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1707547010; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:dkim-signature; bh=k2M7YnjHddMZrG9BNoatxJRWtww/LpGBGqLUhMjtWFo=; b=NbU1rYVqu0ZFWtrwCSPVS+Uf2BYdZXwB74bdFMr76IQRMsSDyq/6ZXBzrBOvgb07Has11x mJy4LVg7FSeJ00U8BM6KQncYBrEaYo16bvcVuTKxbuRBDVKCSwim5riLeaif706c4ZndWw 6ljtG4QRrL+FePDUrYn9Towf2mlaBGgAJi6EwHhRK/5EQpCzSlM3ATUZzXzc6lbdzHpBVj dc2RodnMrgGWUV3tDvq1HFe6djphngALlqNW6UGwfkuqkkRI1Q/f+qjHy0mm6c0B3ZvoiW lVHG/vVL8b1zZIDSCWHeAND2IHNpW3S9/wWSA3bIeM4jfH9kLJ5ZFb+MssfWUg== ARC-Authentication-Results: i=1; rspamd-6bdc45795d-bpvcg; auth=pass smtp.auth=dreamhost smtp.mailfrom=graham@menhennitt.com.au X-Sender-Id: dreamhost|x-authsender|graham@menhennitt.com.au X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|graham@menhennitt.com.au X-MailChannels-Auth-Id: dreamhost X-Society-Gusty: 6f10b87a2a822e6d_1707547011447_1291818720 X-MC-Loop-Signature: 1707547011447:4162726373 X-MC-Ingress-Time: 1707547011447 Received: from pdx1-sub0-mail-a202.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.100.214.40 (trex/6.9.2); Sat, 10 Feb 2024 06:36:50 +0000 Received: from [203.3.73.118] (unknown [203.221.161.136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: graham@menhennitt.com.au) by pdx1-sub0-mail-a202.dreamhost.com (Postfix) with ESMTPSA id 4TX1GT65jhzXM for ; Fri, 9 Feb 2024 22:36:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=menhennitt.com.au; s=dreamhost; t=1707547010; bh=k2M7YnjHddMZrG9BNoatxJRWtww/LpGBGqLUhMjtWFo=; h=Content-Type:Date:Subject:To:From; b=ZTx8WYYjMONioz562z2l/Ms+DHKjZFT9G4pxCLGbJ/M9Rf0xf75bZnz5Xp0O5j618 mkTK1WsgcvJzB+EHK5EUhqiu11hUMAhmxE8RPrsz2jwYHKBXko2MECvddVEGm8PwUb gS0z0bgxAK6+ZnNkrSX235SfqqRHUKwd51j0ZIwSVOFTusYFCPtq2Htdq7wpxS6NyX MXHPYlOz0xNaFOjXrXiOIFmclu6dV/PSiH9ivfwSDqaIdmaZFoSrxe++AlQVTvetVu XFVrgQY3ULhFg6EBrkUnkpbMpK7TpY1xXxfABYPEEljpzmG8FI/6zzETGIQOJ/K3q8 3iBwHNstpeWXQ== Content-Type: multipart/alternative; boundary="------------z6MMjIB5m75PqFj4hr5NNeEY" Message-ID: Date: Sat, 10 Feb 2024 17:36:49 +1100 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: putty from Windows to FreeBSD 14.0 says "Server refused our key" Content-Language: en-AU To: questions@freebsd.org References: <296848ac-9121-4b9b-a514-6da8ed2d3af1@menhennitt.com.au> From: Graham Menhennitt In-Reply-To: X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.89 / 15.00]; ARC_ALLOW(-1.00)[mailchannels.net:s=arc-2022:i=1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.995]; RWL_MAILSPIKE_EXCELLENT(-0.40)[23.83.223.160:from]; R_DKIM_ALLOW(-0.20)[menhennitt.com.au:s=dreamhost]; R_SPF_ALLOW(-0.20)[+ip4:23.83.208.0/20:c]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; XM_UA_NO_VERSION(0.01)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:63213, ipnet:23.83.223.0/24, country:CA]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:~]; DMARC_NA(0.00)[menhennitt.com.au]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[23.83.223.160:from]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org]; MLMMJ_DEST(0.00)[questions@freebsd.org]; DKIM_TRACE(0.00)[menhennitt.com.au:+] X-Rspamd-Queue-Id: 4TX1GX5LHrz4Hjd This is a multi-part message in MIME format. --------------z6MMjIB5m75PqFj4hr5NNeEY Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Thanks Walter. Working now after upgrade to Putty 0.80. Thanks,     Graham On 10/02/2024 5:28 pm, Walter Parker wrote: > I’d have to go look, but the most recent versions of openSSH got rid > of some of older signature algorithms from the default configuration. > FreeBSD picked up those new changes. Depending on which version of 13 > you have, it might have an older version of openSSH that still has RSA > in the default configuration. > > > Walter > > The greatest dangers to liberty lurk in insidious encroachment by > men of zeal, well-meaning but without understanding. -- Justice Louis > D. Brandeis > > > On Fri, Feb 9, 2024 at 10:04 PM Graham Menhennitt > wrote: > > Hello list, > > I have a box that I recently upgraded to FreeBSD 14.0. It all > appears to > be working ok except for one thing. When I attempt to use Putty on > Windows to connect to it using SSH, I get an error "Server refused > our > key" and it drops back to password authentication. I have not > modified > sshd_config from the default. > > I've used this same key for many years from Putty and from other > FreeBSD > boxes. It still works successfully from FreeBSD 13 to FreeBSD 14, but > not from Putty to FreeBSD 14. > > In auth.log on the FreeBSD 14 box, I can see that it says > "userauth_pubkey: signature algorithm ssh-rsa not in > PubkeyAcceptedAlgorithms [preauth]". So, I guess that I could fix > this > by modifying sshd_config, but I don't understand why it works from > FreeBSD 13 but not Putty. > > Something that may be related (but I'm not sure). When I use password > authentication from Putty, it appears that it doesn't read my > .bashrc. > When I login from FreeBSD 13, it does read .bashrc. > > Does anybody have any clues, please. > > Thanks in advance, > >      Graham > > > --------------z6MMjIB5m75PqFj4hr5NNeEY Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit

Thanks Walter. Working now after upgrade to Putty 0.80.

Thanks,

    Graham

On 10/02/2024 5:28 pm, Walter Parker wrote:
I’d have to go look, but the most recent versions of openSSH got rid of some of older signature algorithms from the default configuration. FreeBSD picked up those new changes. Depending on which version of 13 you have, it might have an older version of openSSH that still has RSA in the default configuration.


Walter

The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis


On Fri, Feb 9, 2024 at 10:04 PM Graham Menhennitt <graham@menhennitt.com.au> wrote:
Hello list,

I have a box that I recently upgraded to FreeBSD 14.0. It all appears to
be working ok except for one thing. When I attempt to use Putty on
Windows to connect to it using SSH, I get an error "Server refused our
key" and it drops back to password authentication. I have not modified
sshd_config from the default.

I've used this same key for many years from Putty and from other FreeBSD
boxes. It still works successfully from FreeBSD 13 to FreeBSD 14, but
not from Putty to FreeBSD 14.

In auth.log on the FreeBSD 14 box, I can see that it says
"userauth_pubkey: signature algorithm ssh-rsa not in
PubkeyAcceptedAlgorithms [preauth]". So, I guess that I could fix this
by modifying sshd_config, but I don't understand why it works from
FreeBSD 13 but not Putty.

Something that may be related (but I'm not sure). When I use password
authentication from Putty, it appears that it doesn't read my .bashrc.
When I login from FreeBSD 13, it does read .bashrc.

Does anybody have any clues, please.

Thanks in advance,

     Graham



--------------z6MMjIB5m75PqFj4hr5NNeEY--