Support RSA SHA-2 (RFC8332) signatures

Open SURA907 opened this issue 2 years ago • 5 comments

Cf golang/go#37278

Crypto already supports RSA SHA-2 (RFC8332) signatures

Only need to upgrade mod to support RSA SHA-2 (RFC8332) signatures

Thanks

SURA907 avatar Nov 16 '21 02:11 SURA907

It looks like x/crypto/ssh is not ready

SURA907 avatar Feb 10 '22 09:02 SURA907

Looks like x/crypto/ssh added support recently. Could this be added now? https://github.com/golang/crypto/commit/5d542ad81a58c89581d596f49d0ba5d435481bcf

mikesmitty avatar Apr 28 '22 20:04 mikesmitty

Is it really just updating the mod that's needed? That should be an easy fix.

belak avatar Apr 28 '22 20:04 belak

We do not have server support yet, so we're still waiting for that change to happen in x/crypto

Client support is already here and simply requires a go get -u golang.org/x/crypto

quackduck avatar May 22 '22 13:05 quackduck

Switching from x/crypto to rmohr/crypto would add both client and server support and fix this issue. The problem I see is that we would then be using a fork not officially maintained by the Go project and would be a bit out of date.

quackduck avatar May 24 '22 00:05 quackduck

Until the gliderlabs/ssh package updates its direct dependency on crypto/ssh, you have to update it in your project's go.mod file by running go get -u golang.org/x/crypto in the project root dir.

gustavosbarreto avatar Aug 25 '22 13:08 gustavosbarreto

I think this should be fixed now - golang.org/x/crypto was updated and a new version (v0.3.5) has been tagged.

belak avatar Aug 31 '22 21:08 belak

Perhaps I'm doing something wrong, but I've still been unable to connect when using an RSA key (rsa-sha2-256, rsa-sha2-512) unless I turn on the deprecated -oPubkeyAcceptedKeyTypes=+ssh-rsa flag...

Step 1: Build the ssh-publickey example, with latest versions of gliderlabs/ssh and x/crypto

cd /tmp/test
git clone https://github.com/gliderlabs/ssh/
cd ssh/_examples/ssh-publickey
go mod init github.demo/_examples/ssh-publickey
go get github.com/gliderlabs/ssh@latest
go get golang.org/x/crypto@latest
go build .
./ssh-publickey

Step 2: Then test connecting with an RSA key:

cd /tmp/test
ssh-keygen -q -t rsa -N "" -f test-key-rsa
ssh -F /dev/null -oStrictHostKeychecking=no -oUserKnownHostsFile=/dev/null \
-oPubkeyAcceptedKeyTypes=-ssh-rsa -i ./test-key-rsa localhost -p 2222

### output: "user@localhost: Permission denied (publickey)."

Step 3: Rebuild ssh-publickey with rmohr/crypto fork of x/crypto

cd /tmp/test/ssh/_examples/ssh-publickey
# edit go.mod

Add this line to go.mod, after

replace golang.org/x/crypto => github.com/rmohr/crypto v0.0.0-20211203105847-e4ed9664ac54

Download the replacement package with:

go get
go build .
./ssh-publickey

Final Step: Repeat test ssh connection

cd /tmp/test
ssh -F /dev/null -oStrictHostKeychecking=no -oUserKnownHostsFile=/dev/null \
-oPubkeyAcceptedKeyTypes=-ssh-rsa -i ./test-key-rsa localhost -p 2222

Should work and the SSH key should be echoed

erwin avatar Oct 11 '22 04:10 erwin
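
The mismatch behind the "Permission denied (publickey)" result above, as an added example that is not code from the thread, gliderlabs/ssh or x/crypto/ssh. It uses only the Go standard library: a client signs under an RFC 8332 algorithm name, and the server is modelled, as an assumption, as one that accepts only the ssh-rsa signature name. Signature, Sign, Verify and NewKey are hypothetical names; the key and data are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"
	_ "crypto/sha256"
	_ "crypto/sha512"
	"fmt"
)

type Signature struct{ Format string; Blob []byte } // algorithm name + raw RSA signature
// RFC 8332: the key type stays "ssh-rsa"; only the signature name and its hash change.
var hashes = map[string]crypto.Hash{"ssh-rsa": crypto.SHA1, "rsa-sha2-256": crypto.SHA256, "rsa-sha2-512": crypto.SHA512}

// Sign plays the client: it signs data under the requested signature algorithm name.
func Sign(key *rsa.PrivateKey, algo string, data []byte) (Signature, error) {
	h, ok := hashes[algo]
	if !ok {
		return Signature{}, fmt.Errorf("unknown algorithm %q", algo)
	}
	d := h.New()
	d.Write(data)
	blob, err := rsa.SignPKCS1v15(rand.Reader, key, h, d.Sum(nil))
	return Signature{algo, blob}, err
}

// Verify plays the server: it rejects any signature algorithm name outside accepted.
func Verify(pub *rsa.PublicKey, accepted map[string]bool, data []byte, sig Signature) error {
	h, ok := hashes[sig.Format]
	if !ok || !accepted[sig.Format] {
		return fmt.Errorf("signature algorithm %q not accepted", sig.Format)
	}
	d := h.New()
	d.Write(data)
	return rsa.VerifyPKCS1v15(pub, h, d.Sum(nil), sig.Blob)
}

func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // constructed throwaway key

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	data, legacy := []byte("constructed session data"), map[string]bool{"ssh-rsa": true}
	sig, err := Sign(key, "rsa-sha2-512", data)
	fmt.Println("SHA-1-only server:", err, Verify(&key.PublicKey, legacy, data, sig))
}
```

The same RSA key verifies under both SHA-2 names once the server's accepted set includes them, while a signature relabelled from one name to the other fails because the hash no longer matches.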