PubkeyAcceptedKeyTypes and ssh-dsa key type

I'm trying to test the order in which keys are tried. One of the system's users is using DSA, so I'm trying to test it as an option. I'm getting a "Bad key types" error.

$ ssh -vv -p 1522 [email protected]
OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /Users/jwalton/.ssh/config
/Users/jwalton/.ssh/config line 2: Bad key types 'ssh-ed25519,ecdsa-sha2-nistp256,ssh-dsa,ssh-rsa'.

I narrowed it down to ssh-dsa. According to ssh_config(5) (it's actually part of sshd_config(5), but it's listed as a new ssh_config feature in the OpenSSH 7.0 release notes):

 The -Q option of ssh(1) may be used to list supported key types.

However, I can't seem to get it to work:

riemann::~$ ssh -Q 
/usr/local/bin/ssh: option requires an argument -- Q
riemann::~$ ssh -Q dsa
Unsupported query "dsa"
riemann::~$ ssh -Q ssh-dsa
Unsupported query "ssh-dsa"
riemann::~$ ssh -Q ed25529
Unsupported query "ed25529"
riemann::~$ ssh -Q ssh-ed25529
Unsupported query "ssh-ed25529"
riemann::~$ ssh -Q PubkeyAcceptedKeyTypes
Unsupported query "PubkeyAcceptedKeyTypes"

How does one use the ssh -Q option?

What is the key type for ssh-dsa?


Solution 1:

Reading the manual pages should help you:

 -Q cipher | cipher-auth | mac | kex | key | protocol-version

Queries ssh for the algorithms supported for the specified version 2. The available features are: cipher (supported symmetric ciphers), cipher-auth (supported symmetric ciphers that support authenticated encryption), mac (supported message integrity codes), kex (key exchange algorithms), key (key types) and protocol-version (supported SSH protocol versions).

Calling ssh -Q key gives you what you want:

ssh -Q key
ssh-ed25519
[email protected]
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

This is a new feature in openssh-7.0, so remember that it doesn't have to work in older versions.

The ssh-dsa key type is ssh-dss, and it is disabled by default in this version.
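
The check described above can be scripted so that a misspelled name such as ssh-dsa is caught before it reaches ~/.ssh/config. This is an added example, not part of the original answer; the function name unknown_key_types and the SAMPLE_SUPPORTED list are assumptions made for illustration, and it compares literal names only.

```shell
#!/bin/sh
# Added example: report names in a PubkeyAcceptedKeyTypes-style list that
# do not appear in the output of `ssh -Q key`.

# Constructed sample of `ssh -Q key` output (the non-certificate names
# from the answer above), so the demo runs without a local ssh.
SAMPLE_SUPPORTED='ssh-ed25519
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521'

# unknown_key_types LIST [SUPPORTED]
#   LIST       comma-separated key types, as written in ssh_config
#   SUPPORTED  newline-separated names; defaults to `ssh -Q key`
# Prints each unrecognised name on its own line; returns 1 if any were found.
unknown_key_types() {
    list=$1
    supported=${2-$(ssh -Q key)}
    rc=0
    old_ifs=$IFS
    IFS=,
    set -f                          # no globbing while splitting the list
    for name in $list; do
        [ -n "$name" ] || continue  # ignore empty fields (stray commas)
        # -F fixed string, -x whole line: "ssh-dsa" must not match "ssh-dss"
        if ! printf '%s\n' "$supported" | grep -Fqx -- "$name"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    set +f
    IFS=$old_ifs
    return "$rc"
}

# The list from the question's config line, checked against the sample.
unknown_key_types 'ssh-ed25519,ecdsa-sha2-nistp256,ssh-dsa,ssh-rsa' \
    "$SAMPLE_SUPPORTED" || :
```

Omitting the second argument makes the function query the installed client with ssh -Q key, which requires a version that supports that query.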