Hello

I upgraded one of my servers to Slackware 15, from 14.2

I have one problem I can't figure out. I can ssh from a terminal on my Linux Mint workstation to the server, and I don't need a password. The ~/.ssh/id_rsa on the client and ~/.ssh/authorized_keys on the server work fine.

I could do the same from this workstation to the same server before I upgraded Slackware. But now I can't. It asks me for the password.

I am tempted to guess this must be some putty configuration, except it worked before I upgraded the server, and it still works for other servers. So something must have changed about the defaults of the ssh server in Slackware 15.

Anyone have a clue what it might be? I diffed the old sshd_config and the new one, can't see any relevant difference there.

Thanks in advance.

RSA is no longer supported. You'll need to upgrade. See below.

Originally Posted by Pat on The ChangeLog
Sun Sep 26 18:57:07 UTC 2021
[...]
n/openssh-8.8p1-x86_64-1.txz: Upgraded.
Please note "Potentially-incompatible changes" from the release notes:
This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]
For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:
Code:
Host old-host
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).
[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
Application to the PGP Web of Trust" Leurent, G and Peyrin, T
(2020) https://eprint.iacr.org/2020/014.pdf

1 members found this post helpful.

not quite

RSA with SHA1 algorithm is no longer supported

1 members found this post helpful.

SHA-1 isn't my problem:

I had the exact same problem. I changed my key to another type (ECDSA or Ed25519)

Your user's ssh key or the server key?

Both.

But why is it only an issue with Putty?

Is it possible that when you tried to log into the undated server with Putty for the fist time you didn't update the host key cached in Putty?

How would I check that? Putty is great, except for the settings. I can never find anything in there

Sorry no I don't.

It would appear that I misunderstood your original issue as well. The problem I had was putty would log into an updated server but WinSCP would not when I was using the same key.

I upgraded my second Slackware server to 15 and have exactly the same problem.

The key autentication works with a terminal, works with svn checkout, but won't work with putty.