_files/genppageinit.gif){kind=small}
_files/ibm-comm-wordmark.png){kind=small}
_files/blank.gif){kind=spacer}
_files/photo_002.jpg){kind=small}
_files/iconVote.png)
0
_files/iconWarning.gif "IC Sunset")
The
developerWorks Connections platform will be sunset on December 31,
2019. On January 1, 2020, this blog will no longer be available. More details available on our FAQ.
OpenSSH 7.0 & greater disable ssh-dss by default.OpenSSH 7.0 & greater disable ssh-dss by default. http If you upgrade OpenSSH, to 7.1.102.1100 on AIX for example, you may notice that you're unable to login afterwards, with ssh-dss keys. In syslog you'll see messages similar to this:
Syslog: Sep 11 15:40:34 cgaix auth|security:info sshd[9961802]: userauth_pubkey: key type ssh-dss not in Pubk
# lslpp -l openssh\* Path: /etc/objrepos
From the OpenSSH webs
"OpenSSH 7.0 and greater similarly disable the
ssh-dss (DSA) public key algorithm. It too is weak and we recommend
against its use. It can be re-enabled using the HostKeyAlgorithms
configuration option:
ssh -oHo
or in the ~/.ssh/config file:
Host some
HostKeyAlgorithms +ssh-dss"
The recommendation is to stop using DSA and move to something stronger, like RSA or ECDSA.
If you're stuck and you have a lot of users with ssh-dss
keys, you could enable it (temporarily) by adding the following line to
your /etc
# grep Acc /etc # stopsrc -s sshd ; sleep 5 ; startsrc -s sshd
|
_files/photo.jpg){kind=small}
Hi Anpodila, no, I have not seen this problem. Perhaps it was broken before the update. Try reinstalling the openssh.man.en_US fileset.
_files/photo_002.png){kind=small}
MAN PAGES BROKEN IN OPENSSH 7.5
After I update to Openssh 7.5 man pages are broken with error message similar to below.
Reformatting page. Wait.../usr/bin/nroff: Argument not valid for .Dt ; line 26, file <standard input> finished
Any idea of it?
Hi Ricky, that's not something I've tested. However, I did notice that the README states: "Support for TCP_Wrappers is removed by OpenSSH community"! The REAMD file is here: https://ibm.co/2nm7YFu. Is there anything interesting in syslog? Check this link as well: http://www-01.ibm.com/support/docview.wss?uid=isg3T1025737. The only way I can think of fixing this, would be to download the openssh src code and compile it, with tcp_wrapper support enabled.
_files/photo.png){kind=small}
Hi Chris, I found after I upgrade to SSH 7.5 on AIX 7.1, TCP wrapper no longer effective. Do you have any idea?
