Re: Config to have "ssh too-old-host" error out (with chosen message, and sans actual connection attempt)?

On 30.06.25 13:46, Darren Tucker wrote:
> On Mon, 30 Jun 2025 at 20:47, Jochen Bern <Jochen.Bern@xxxxxxxxx> wrote:
> > ProxyCommand seems to be unable, too (because its output apparently gets
> > swallowed *entirely* by ssh).
>
> Its stdout does (since that's its purpose), but its stderr doesn't:
>
> $ cat config
> ProxyCommand sh -c "echo use foo instead >&2"
>
> $ ssh -F ./config foo bar
> use foo instead
> Connection closed by UNKNOWN port 65535

Ah ... I had tried ">&2" *without* the additional explicit shell (level), thanks, works well. Whereas ...

On 30.06.25 13:09, Brian Candler wrote:
> You could abuse a text config setting, like
>
> Host foobar
> Hostname ": You should use ssh -O PubkeyAcceptedAlgorithms=+ssh-rsa"
> [...]
> Or BindInterface

... these both escape the ANSI control sequences I added, alas. :-3

> Although of course, if that were the problem, you could simply apply the
> fix instead:
> PubkeyAcceptedAlgorithms +ssh-rsa

I've been using a bunch of *those* for quite a while (because I upped my *default* crypto algorithm settings *beyond* the back-then OS policy some time ago), and the OS Changelog's remark "OpenSSL libs now refuse signatures with SHA-1" doesn't seem to be *exact*, either. What I've seen getting *specifically* refused is my local ssh-agent signing with the older (and shorter, 4kb) RSA keypair, but that doesn't seem to explain *all* the now-failing connections, either ...

Thanks again,
--
Jochen Bern
Systemingenieur

Binect GmbH


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
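
The ProxyCommand-to-stderr approach from the message above, as an added example that is not part of the original thread: a helper that writes such a Host stanza and a second one that runs the stanza's ProxyCommand without ssh to confirm what reaches stderr. The function names, the "too-old-host" alias and the trailing "exit 1" are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): generate an ssh_config stanza whose
# ProxyCommand only prints a chosen message on stderr, so "ssh ALIAS" fails
# with that message and the proxy never opens a network connection.

# refuse_stanza ALIAS MESSAGE   (hypothetical helper name)
refuse_stanza() {
    alias_name=$1
    message=$2
    # The alias becomes a Host pattern: allow only plain host-name characters.
    case $alias_name in
        ''|*[!A-Za-z0-9._-]*) echo "bad host alias" >&2; return 2 ;;
    esac
    # The message must start with a letter or digit so echo cannot take it
    # as an option.
    case $message in
        [A-Za-z0-9]*) ;;
        *) echo "bad message" >&2; return 2 ;;
    esac
    # The message ends up inside a shell command line in ssh_config, so only
    # characters that need no quoting are accepted. '%' is rejected because
    # ProxyCommand expands %-tokens such as %h and %p.
    leftover=$(printf '%s' "$message" | tr -d 'A-Za-z0-9 .,:_+=/-')
    if [ -n "$leftover" ]; then
        echo "bad message" >&2
        return 2
    fi
    printf 'Host %s\n' "$alias_name"
    # Same form as the config quoted in the thread; "exit 1" is an addition
    # so the proxy also reports failure through its exit status.
    printf '    ProxyCommand sh -c "echo %s >&2; exit 1"\n' "$message"
}

# run_proxy STANZA   (hypothetical helper name)
# Runs the stanza's ProxyCommand through sh, discarding stdout (ssh would
# consume it as protocol data) and returning what was written to stderr.
run_proxy() {
    cmd=$(printf '%s\n' "$1" | sed -n 's/^ *ProxyCommand //p')
    sh -c "$cmd" 2>&1 >/dev/null
}

# Constructed sample input: the message text from the quoted transcript.
refuse_stanza too-old-host "use foo instead"
```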
