ssh on FreeBSD 14.3 won't talk to older hosts
0 views
Skip to first unread message
Frank Leonhardt
Aug 11, 2025, 3:11:53 PMAug 11
to freebsd-...@freebsd.org
I have an older FreeBSD box that FreeBSD 14.3 refuses to connect to
using ssh and a certificate login. Everything else works fine (including
14.2), and has done for years. I can connect in the other direction
(from the old host to the 14.3). I can also connect from 14.3 to newer
hosts. I note that OpenSSH has been updated to 9.9p2 for this release.
If I do connect to this older box it reverts to password login, which
does work. It's the certificate login that's borked.
I'm carefully using RSA keys rather than anything fancy, and have
sshd_config modified to accept them. When I connect to the old box I can
specify the exact key to use (-i ~/.ssh/id_rsa) but it doesn't make any
difference.
I can't put sshd in debug mode on an alternative port due to a firewall,
and I don't have console access. It's pointless doing it on any other
host as they all work!
I dare say that someone somewhere decided it was a good idea to disable
ssh certificate logins to older versions of sshd but I can't find the
line I need to add to some config file (presumably /etc/ssh/ssh_config)
to reverse this behaviour.
I note "OpenSSH plans to remove support for the DSA signature algorithm
in early 2025."
Any suggestions?
using ssh and a certificate login. Everything else works fine (including
14.2), and has done for years. I can connect in the other direction
(from the old host to the 14.3). I can also connect from 14.3 to newer
hosts. I note that OpenSSH has been updated to 9.9p2 for this release.
If I do connect to this older box it reverts to password login, which
does work. It's the certificate login that's borked.
I'm carefully using RSA keys rather than anything fancy, and have
sshd_config modified to accept them. When I connect to the old box I can
specify the exact key to use (-i ~/.ssh/id_rsa) but it doesn't make any
difference.
I can't put sshd in debug mode on an alternative port due to a firewall,
and I don't have console access. It's pointless doing it on any other
host as they all work!
I dare say that someone somewhere decided it was a good idea to disable
ssh certificate logins to older versions of sshd but I can't find the
line I need to add to some config file (presumably /etc/ssh/ssh_config)
to reverse this behaviour.
I note "OpenSSH plans to remove support for the DSA signature algorithm
in early 2025."
Any suggestions?
Dag-Erling Smørgrav
Aug 11, 2025, 3:20:28 PMAug 11
to Frank Leonhardt, freebsd-...@freebsd.org
Frank Leonhardt <freeb...@fjl.co.uk> writes:
> I have an older FreeBSD box that FreeBSD 14.3 refuses to connect to
> using ssh and a certificate login. [...]
> I have an older FreeBSD box that FreeBSD 14.3 refuses to connect to
Please post the output of `ssh -vvv olderhost id` from your 14.3
machine.
If you have another machine that can still connect to the older box
using certificate authentication, please post the output of `ssh -vvv
olderhost id` from that machine as well.
DES
--
Dag-Erling Smørgrav - d...@FreeBSD.org
Frank Leonhardt
Aug 11, 2025, 3:26:01 PMAug 11
to ques...@freebsd.org
attempt finally worked (I've been at this most of the afternoon on and
off). They've changed the accepted key types default so you have to
specify it in /etc/ssh/ssh_config (or ~/.ssh/config).
Add the following:
HostKeyAlgorithms=+ssh-dss
PubkeyAcceptedKeyTypes +ssh-rsa
Protocol 2,1
I have all three but they may not all be needed in all circumstances,
and having protocol 1 isn't something you want to enable unless you're
aware of the risks.
This is IN SPITE of OpenSSH ssh-keygen still generating RSA by default,
so the default key type it creates it won't use without this hack.
Unless I'm missing something.
Regards, Frank.
Frank Leonhardt
Aug 11, 2025, 3:34:43 PMAug 11
to ques...@freebsd.org
of doing it. As my reply to myself, I figured it out five minutes after
posting the question having wasted hours on it previously.
Christian Weisgerber
Aug 20, 2025, 10:35:33 AMAug 20
to Frank Leonhardt, ques...@freebsd.org
Frank Leonhardt:
> Add the following:
>
> HostKeyAlgorithms=+ssh-dss
> PubkeyAcceptedKeyTypes +ssh-rsa
> Protocol 2,1
>
> I have all three but they may not all be needed in all circumstances, and
> having protocol 1 isn't something you want to enable unless you're aware of
> the risks.
That's cute if "Protocol 2,1" is still accepted for compatibility,
but there is no risk. The actual protocol 1 code has been summarily
deleted from OpenSSH as of release 7.6 (Oct 2017).
> This is IN SPITE of OpenSSH ssh-keygen still generating RSA by default, so
Actually, that has been Ed25519 since OpenSSH 9.5 (Oct 2023)... but the
FreeBSD -stable branches haven't picked up that change.
> the default key type it creates it won't use without this hack. Unless I'm
> missing something.
There is a difference between a _key type_ and a _public key algorithm_.
Admittely, those are the same for all other key types except for RSA,
where there are three algorithms that can all use the same RSA keys:
* ssh-rsa
* rsa-sha2-256
* rsa-sha2-512
The difference is that those use the SHA-1, SHA-256, and SHA-512
hashes, respectively. SHA-1 is obsolete and no longer considered
secure, so the "ssh-rsa" _algorithm_ has been disabled by default.
You can still use the same "ssh-rsa" _keys_ with rsa-sha2-256 or
rsa-sha2-512.
--
Christian "naddy" Weisgerber na...@mips.inka.de
> Add the following:
>
> HostKeyAlgorithms=+ssh-dss
> PubkeyAcceptedKeyTypes +ssh-rsa
> Protocol 2,1
>
> I have all three but they may not all be needed in all circumstances, and
> having protocol 1 isn't something you want to enable unless you're aware of
> the risks.
but there is no risk. The actual protocol 1 code has been summarily
deleted from OpenSSH as of release 7.6 (Oct 2017).
> This is IN SPITE of OpenSSH ssh-keygen still generating RSA by default, so
FreeBSD -stable branches haven't picked up that change.
> the default key type it creates it won't use without this hack. Unless I'm
> missing something.
Admittely, those are the same for all other key types except for RSA,
where there are three algorithms that can all use the same RSA keys:
* ssh-rsa
* rsa-sha2-256
* rsa-sha2-512
The difference is that those use the SHA-1, SHA-256, and SHA-512
hashes, respectively. SHA-1 is obsolete and no longer considered
secure, so the "ssh-rsa" _algorithm_ has been disabled by default.
You can still use the same "ssh-rsa" _keys_ with rsa-sha2-256 or
rsa-sha2-512.
--
Christian "naddy" Weisgerber na...@mips.inka.de
Frank Leonhardt
Aug 29, 2025, 8:37:41 AM (9 days ago) Aug 29
to Christian Weisgerber, ques...@freebsd.org
Ah, thanks. Good background, and I didn't know a lot of that.
Even if Ed25519 has been the default since OpenSSH, it's a bit much to refuse anything else two years after the change! I'd say refuse if five year AFTER the default was changed.
Regards, Frank.
Reply all
Reply to author
Forward
0 new messages