PSA: If you upgrade to openssh 7 client and realize that you were depending on dsa keys that you hadn’t yet updated to rsa keys in ~/.ssh/authorized_keys on remote hosts, and now you are getting a lot of “Permission denied (publickey,gssapi-keyex,gssapi-with-mic)” messages when trying to ssh to remote systems, it might help to copy your id_rsa to the other systems with a command like:
ssh-copy-id -i ~/.ssh/id_rsa -oHostKeyAlgorithms=+ssh-dss -oPubkeyAcceptedKeyTypes=+ssh-dss $HOST
(The openssh “legacy” page ignores the need for “-oPubkeyAcceptedKeyTypes=+ssh-dss”)
Michael K Johnson December 19, 2015 17:28
http://www.openssh.com/legacy.html is the page to which I was referring
Michael K Johnson July 20, 2016 21:19
+Noah Friedman here’s how to deal with that old dsa key you were just complaining about, FYI.
Yes, it was annoying…
Noah Friedman July 21, 2016 01:42
Thanks. Yeah, I did find that page eventually. I think I had to add KexAlgorithms=+diffie-hellman-group1-sha1 to it as well.
Imported from Google+ — content and formatting may not be reliable