From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id WOJjJcZ9qWL6xQAAbAwnHQ (envelope-from ) for ; Wed, 15 Jun 2022 08:35:50 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id iPsfJcZ9qWJf/AAAauVa8A (envelope-from ) for ; Wed, 15 Jun 2022 08:35:50 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 2ED4C4000D for ; Wed, 15 Jun 2022 08:35:49 +0200 (CEST) Received: from localhost ([::1]:49450 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1o1Md1-0003zi-TW for larch@yhetil.org; Wed, 15 Jun 2022 02:35:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:51582) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1o1MYW-0003u5-VE for bug-guix@gnu.org; Wed, 15 Jun 2022 02:31:14 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:42378) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1o1MYQ-0008DO-Hr for bug-guix@gnu.org; Wed, 15 Jun 2022 02:31:05 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1o1MYQ-0000Iq-CM for bug-guix@gnu.org; Wed, 15 Jun 2022 02:31:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#54950: Connecting to remote guix daemon with encrypted SSH key fails Resent-From: Arun Isaac Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 15 Jun 2022 06:31:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54950 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Maxim Cournoyer Cc: 54950@debbugs.gnu.org Received: via spool by 54950-submit@debbugs.gnu.org id=B54950.16552746451137 (code B ref 54950); Wed, 15 Jun 2022 06:31:02 +0000 Received: (at 54950) by debbugs.gnu.org; 15 Jun 2022 06:30:45 +0000 Received: from localhost ([127.0.0.1]:36275 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1o1MY8-0000IG-Lc for submit@debbugs.gnu.org; Wed, 15 Jun 2022 02:30:44 -0400 Received: from mugam.systemreboot.net ([139.59.75.54]:46416) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1o1MY5-0000I5-6i for 54950@debbugs.gnu.org; Wed, 15 Jun 2022 02:30:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=systemreboot.net; s=default; h=Content-Type:MIME-Version:Message-ID:Date: References:In-Reply-To:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=P+b39sJQrsIuKAmTAoZSoipQkOpx1otXrL4396d7xSc=; b=biUsUpGyK4Sde5zRNbONerqHzs 9t45354s9K6p4ajbW4ntLh5arqQUuDVfR73QkzAjUykVqYRoimMjZMUqgWHGxlDxPnhqW0SfkG9vY GN5CP8/jm1WNmd4gB+ZNJqWy9a3tLkm8xbTZX42wOBi6478DXMHDyNH01YYoLv40wTnwv288qqILg n0VbpyBjOTETpkS373ng4QORfs7TYDyCHmu68a4tcxeppN7GDJt8zIVy/OuAmFIjH0zqwtLfWrdVP 03RA2ZS9Ij0T1962A55bkChQ8GiHl5swEm/M0x/LoYgADcFpMBOP5PibtGrLD6IYew8qrtTc45nPc uikv/6+w==; Received: from [192.168.2.1] (port=4692 helo=steel) by systemreboot.net with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1o1MY0-000BeN-U3; Wed, 15 Jun 2022 12:00:37 +0530 From: Arun Isaac In-Reply-To: <87a6amkie3.fsf@gmail.com> References: <87pmli1u3e.fsf@systemreboot.net> <87a6amkie3.fsf@gmail.com> Date: Wed, 15 Jun 2022 12:00:36 +0530 Message-ID: <87sfo630c3.fsf@systemreboot.net> MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1655274950; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=P+b39sJQrsIuKAmTAoZSoipQkOpx1otXrL4396d7xSc=; b=YnpJO6SZd+70sdvVclh9Kid28zftBKIqYltGG+do/6OV1ls4kS9Yxib+of/97VyJM7GffE WxYPbLZMewtWZnKQHcstumk0SeDAkJ4rTQ2Xmg0ZMfrIHHyAj8PLQ6xw39Ty9Q9UG8eCLO 1NDT2qckqLhBovzIWIrQKQdpE2HCkdinCJxWJ507XQEdxaQ33PcxVQhUKa9anXKQsA7aYC HzgzErMfqs5qogoyRIbWTlunw4B9FIk3EKQyZh4vFtJTdLTddaEDUWTop7J87HSy+FMvJr 050gIhJwF/tCILPjLmKrbHVISMKe1aWtm0gozr72eAcYRK5bN3eC+Cl4iFLl8w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1655274950; a=rsa-sha256; cv=none; b=Qv8eiMTiPIoSM1B1eT9ifNo+u8YmDGuBCSfqhPYB6kHIexi354OiZLhD8yD7GdwrOy5j6O oB6GAR72xH/8oSYgYSjYcrrf4daK/BQYl2pJ6bEEO0Gl2peOXFpyey3mQGkFxDNVz5d/F4 /5z1rZ3dtPuKt2jaCdctRuXmOu+v++SaP/RdUNR3luHmtvs8q5ErgWTGcJVYKfj12lyTYu Hvm2BWxv1Z05ALWFOQTx0Dr0O5EXPgo0t2DljognS5C37wToTfb/+0P07lK6BV/5Z2WVzC PeEv0Ie6gfq4gsT/sEVSTgPdBVuKl0AQXzsKsvcQkOE9BcwQ6BrWVexvbzeWrg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=systemreboot.net header.s=default header.b=biUsUpGy; dmarc=fail reason="SPF not aligned (relaxed)" header.from=systemreboot.net (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 6.01 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=systemreboot.net header.s=default header.b=biUsUpGy; dmarc=fail reason="SPF not aligned (relaxed)" header.from=systemreboot.net (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 2ED4C4000D X-Spam-Score: 6.01 X-Migadu-Scanner: scn1.migadu.com X-TUID: 2imi+DgKF65W Hi Maxim, > I suspect this is due to changes in OpenSSH *client* that now refuse > older RSA keys for security reasons. This doesn't seem to be. Here's why: I have another machine that I ssh to using an unencrypted RSA key. I am able to connect to the Guix daemon on that machine without any trouble. What's more, the machine with an encrypted key, whose Guix daemon I'm unable to connect to, uses an ECDSA key. > Could you retry with the following option: 'StrictHostKeyChecking no' > applied to the host in your ~/.ssh/config? Adding 'StrictHostKeyChecking no' makes no difference. The unencrypted key still works, and the encrypted doesn't. Cheers! Arun