[Bug 1756031] Re: openssh-server doesn't accept aes256-cbc key
ChristianEhrhardt
1756031 at bugs.launchpad.net
Fri Mar 16 09:30:53 UTC 2018
AFAIK build time:
sshkey.h:49:#define SSH_RSA_MINIMUM_MODULUS_SIZE 1024
And those short keys are really considered insecure, which is the reason
they went from deprecated to no more accepted.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1756031
Title:
openssh-server doesn't accept aes256-cbc key
Status in openssh package in Ubuntu:
Confirmed
Bug description:
I am using putty connection with RSA key cached in pageant and want to
login without password.
Private key on windows:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
...
On ubuntu there is public key in .ssh/authorized_keys
ssh-rsa AAAAB3Nz...JBjQ== palo at winpgnotas
This key works well in ubuntu versions 14.04...17.10
When I tried 18.04 beta, I am getting sshd error:
mar 15 10:26:21 ubox sshd[5205]: error: userauth_pubkey: could not parse key: Invalid key length [preauth]
and I have to provide password.
I've found that aes256-cbc is not in the list of allowed ciphers by default, so I added
Ciphers +aes256-cbc
to /etc/ssh/sshd_config
(and verified with nmap --script ssh2-enum-algos -sV -p 22 127.0.0.1)
but the sshd error remains.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: openssh-server 1:7.6p1-4
ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3
Uname: Linux 4.15.0-10-generic x86_64
ApportVersion: 2.20.8-0ubuntu10
Architecture: amd64
Date: Thu Mar 15 10:03:14 2018
InstallationDate: Installed on 2018-03-12 (2 days ago)
InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180306.1)
SourcePackage: openssh
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1756031/+subscriptions
More information about the foundations-bugs
mailing list