I actually downloaded puttygen 066 before re generating the keys. But there is no option for ecdsa keys there.

I've now installed 1.0.1e from the original 14.1 Slackware DVD. With an orignal sshd_config file. But the DSA keys are still not accepted.

Also when connecting from my other slackware64 14.1 machines (with openssl 1.0.1q) I get a password prompt instead of the key exchange method.

I expected slackpkg to keep a copy of the old packages. But alas it does not.

And yes I prepare for the upgrades on telco equipment a lot better. And even then you get stung sometimes.

DSA keys go into ~/.ssh/authorized_keys2 on the target box, I think.

maybe you can have a better luck with a snapshot
if you want that you have to set explicitly the option DELALL=off in /etc/slackpkg/slackpkg.conf (it's written in that same file and in the slackpkg.conf man page) or pass it in the command line with -delall=off.

IMHO downgrading openssl is not a good idea at all.

2 members found this post helpful.

The SSH default change got me back in Aug http://www.linuxquestions.org/questi...in-4175552555/

The openSSH developers made the change and announced it back then http://www.openssh.com/txt/release-7.1

I've now created keys based on rsa with PuttyGen and these work OK. Even after upgrading back to the 1.0.1r version.

I think that the new algorithms like ecdsa are probably better. So I will generate the keys for the Windows clients on the Slackware side using the ssh-keygen tool. And then distribute the client side private keys to the clients. I have 4 Slackware machines (desktop, 2x NAS, router/webserver) and 3 windows clients so not too much work.

Still I find it strange that my dsa keys no longer work. When restarting SSHD the host keys for dsa are generated normally. All documentation still mentions DSA as a valid option.

Edit:
Just updated my desktop slackware to 1.0.1r and restarted sshd. For this machine the root login is still working OK eventhough the PermitRootLogin=yes is hashed out. Also the dsa key from the windows machine is still accepted.

I do have multilib installed on both machines. Could this have any influence?
The multilib version of openssl is still on q

removepkg has a --preserve option which I believe reassembles a package tarball for the removed package. It would be a nice extension to have a similar extension to slackpkg (and I guess upgradepkg, which I assume is used under the hood) so one could have a revertable upgrade. Of course I suppose there could be snakes in the grass with simlinks and such created by the doinst script. So it might not be practical.

Dave