[pkg-gnupg-maint] Bug#1008573: Bug#1032907: GnuPG ssh-agent emulation smartcard issues when connecting to server running newer OpenSSH
Vagrant Cascadian
vagrant at debian.org
Sun Jan 12 02:11:15 GMT 2025
On 2025-01-11, Vagrant Cascadian wrote:
> On 2023-04-06, John Scott wrote:
>> It seems bugs #998728, 1008573, and #1032907 are all the same. Perhaps
>> the maintainers would like to merge them.
>>
>> Thanks for your workaround, Vagrant; I found that adding
>> KexAlgorithms -sntrup761x25519-sha512@openssh.com
>> to my ~/.ssh/config allows me to connect to a Bookworm machine, from
>> Bookworm, and also to hosts running a newer OpenSSH daemon.
>
> With the recent update of openssh in bookworm (1:9.2p1-2+deb12u4) this
> no longer seems a sufficient workaround; I can no longer ssh in to
> machines running this version of openssh.
>
> My hunch is the problem was introduced in a new and exciting way with:
>
> https://bugs.debian.org/1088873
> openssh: please add sntrup761x25519-sha512 as an alias to sntrup761x25519-sha512@openssh.com in 9.2/Bookworm
>
> Specifying both in ~/.ssh/config does not work around the issue for me:
>
> KexAlgorithms -sntrup761x25519-sha512@openssh.com,-sntrup761x25519-sha512

I just confirmed that downgrading to openssh-server 1:9.2p1-2+deb12u3
does work again on at least one machine.

live well,
vagrant
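
Added example, not part of the original message or of OpenSSH: a small model of how a `KexAlgorithms` value beginning with `-` removes patterns from the default set, applied to the two values quoted in the thread. The default list is constructed, and treating a `-` on a later list item as literal pattern text is an assumption about the parser.

```python
from fnmatch import fnmatchcase

# Constructed default KEX list for illustration; not read from a real ssh binary.
DEFAULT_KEX = [
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
    "curve25519-sha256",
    "curve25519-sha256@libssh.org",
    "ecdh-sha2-nistp256",
]

# The two KexAlgorithms values quoted in the thread.
ONE_NAME = "-sntrup761x25519-sha512@openssh.com"
BOTH_NAMES = "-sntrup761x25519-sha512@openssh.com,-sntrup761x25519-sha512"


def split_removal(value):
    """Return the patterns of a '-' list, or None if value is not a removal."""
    value = value.strip()
    if not value.startswith("-"):
        return None
    # Assumption: only the first '-' is a modifier; a '-' on a later item
    # stays part of that item's pattern text.
    return [p for p in value[1:].split(",") if p]


def effective_kex(value, default=DEFAULT_KEX):
    """Algorithms left in the proposal after applying a KexAlgorithms value."""
    patterns = split_removal(value)
    if patterns is None:
        raise ValueError("only '-' removal lists are modelled here")
    # fnmatchcase covers the '*' and '?' wildcards used in ssh_config patterns.
    return [a for a in default if not any(fnmatchcase(a, p) for p in patterns)]


def unmatched_patterns(value, default=DEFAULT_KEX):
    """Patterns in a removal list that match nothing in the default set."""
    return [p for p in split_removal(value) or []
            if not any(fnmatchcase(a, p) for a in default)]


if __name__ == "__main__":
    for v in (ONE_NAME, BOTH_NAMES):
        print(v, "->", effective_kex(v), "unmatched:", unmatched_patterns(v))
```

The client's actual proposal can be compared against this model with `ssh -G <host>`, which prints the `kexalgorithms` value the client resolves for that host.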