I upgraded one of my systems from F22 -> F24. The upgrade went fine, however, after the upgrade when I do an ssh from the F24 system to the F22 system I get the following error:
sign_and_send_pubkey: signing failed: agent refused operation
I re ran ssh-keygen on the F24 to generate the keys. I removed the F24 system entries in the known_hosts file on the F22 system. I copied the F22 public key to the F24 system and added it to the authorized_keys file. I still get the error.
Running ssh from the F22 system to the F24 system works fine after having copied the F22 public key to the F24 system and adding it to the authorized_keys file and deleting the F22 entries in the known_hosts file.
Now here's the strange part. If I start on the F22 system and ssh to the F24 system and then ssh back to the F22 system I don't see the error, it connects without prompting for a password.
I also tried ssh F24 -> F24 and I get the error when the system on which I run the ssh is 192.168.10.5, but not when the originating system is my other F24 system at 192.168.10.2. ssh F24 (192.168.10.2) -> F24 (192.168.10.5) no error, but still prompts for password. ssh F24 (192.168.10.2) -> F22 (192.168.10.65) works no password prompt.
Anyone have an idea of what's going on and how to fix it?
Any help is appreciated.
Paolo
On Sat, 23 Jul 2016 09:10:39 -0700 Paolo Galtieri wrote:
Anyone have an idea of what's going on and how to fix it?
Well, somewhere in that timeframe the security geeks of the world declared several encryption algorithms and dsa keys as insecure and turned them off by default. Perhaps you are hitting something in that vicinity.
I spent weeks tracking down all the places that had a dsa public key in authorized keys and changing them to rsa version 2 keys (which no doubt means rsa version 2 will soon be declared insecure as well :-).
Tom, I noticed that earlier when I got an "invalid cipher 3des" error.
Thanks, Paolo
On 07/23/2016 10:00 AM, Tom Horsley wrote:
On Sat, 23 Jul 2016 09:10:39 -0700 Paolo Galtieri wrote:
Anyone have an idea of what's going on and how to fix it?
Well, somewhere in that timeframe the security geeks of the world declared several encryption algorithms and dsa keys as insecure and turned them off by default. Perhaps you are hitting something in that vicinity.
I spent weeks tracking down all the places that had a dsa public key in authorized keys and changing them to rsa version 2 keys (which no doubt means rsa version 2 will soon be declared insecure as well :-). -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
-
Paolo Galtieri -
Tom Horsley