Posted Updated Text-onlya minute read (About 166 words)

openssh update

Another month, another update. This time, OpenSSH decided to add a key-exchange
algorithm that just so happens to break my GPG+YubiKey ssh setup.

Said kex algorithm is sntrup761x25519-sha512@openssh.com. If you don’t remove
it, any attempts to connect to the server with the “current” yubikey (I have a
5.2.7 yubikey) will result in the scdaemon spitting a not-at-all helpful error
message at you: 

1
gpg-agent[1074]: scdaemon[1074]: app_auth failed: Invalid value

This was a bit confusing and took me a while to figure out why it happens^2, even
with gpg-agent set to output all information possible.

Solution^1:

1
2
# /etc/ssh/sshd_config
+ KexAlgorithms -sntrup761x25519-sha512@openssh.com

It’s worth noting that this config only applies to sshd. If you’re a client trying
to connect to a remote server that doesn’t have this, it will not work. I’m not sure
if this is patched yet.

Links

Categories

Archives

Tags

Coding1
Cypher1
Discord1
Docker1
Fumo2
Games1
Guide1
Linux3
Nix1
OpenSSH1
PostgreSQL1
Python1
Threads1
Touhou Project2

Recents

Your browser is out-of-date!

Update your browser to view this website correctly.&npsb;Update my browser now

×

×