On 30.06.25 14:34, Brian Candler wrote:
On 30/06/2025 13:14, Jochen Bern wrote:What I've seen getting *specifically* refused is my local ssh-agent signing with the older (and shorter, 4kb) RSA keypair, but that doesn't seem to explain *all* the now-failing connections, eitherThat's a 4096-bit RSA key pair? Can you show the error message? If it's not fixed by PubkeyAcceptedAlgorithms +ssh-rsa HostKeyAlgorithms +ssh-rsa then I don't know what the issue might be.
... it seems that I have to take that statement back, sorry. There was (still is) a combo of error messages
Authenticating with public key "..." from agent Pageant failed to provide a signature
when I run *puTTY* against the OpenSSH ssh-agent loaded with (only) the old RSA key, but temporarily changing a still-working target host to only accept that keypair and then logging in with the *same* ssh-agent and "ssh" works fine ...
(And yes, puTTY can use the *newer* keypair straight out of OpenSSH's agent ... weird ... the privkey's file format should be fully irrelevant at that point, shouldn't it?)
$ file .ssh/id_binect_*rsa .ssh/id_binect_newrsa: OpenSSH private key .ssh/id_binect_rsa: PEM RSA private key
Kind regards, -- Jochen Bern Systemingenieur Binect GmbH
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
