ssh
Support RSA SHA-2 (RFC8332) signatures
Cf golang/go#37278
Crypto already supports RSA SHA-2 (RFC8332) signatures
Only need to upgrade mod to support RSA SHA-2 (RFC8332) signatures
Thanks
It looks like x/crypto/ssh is not ready
Looks like x/crypto/ssh added support recently. Could this be added now? https://github.com/golang/crypto/commit/5d542ad81a58c89581d596f49d0ba5d435481bcf
Is it really just updating the mod that's needed? That should be an easy fix.
We do not have server support yet, so we're still waiting for that change to happen in x/crypto
Client support is already here and simply requires a go get -u golang.org/x/crypto
Switching from x/crypto to rmohr/crypto would add both client and server support and fix this issue. The problem I see is that we would then be using a fork not officially maintained by the Go project and would be a bit out of date.
Until the gliderlabs/ssh package updates its direct dependency on crypto/ssh, you have to update it in your go.mod project file by running go get -u golang.org/x/crypto in the project root dir.
I think this should be fixed now - golang.org/x/crypto was updated and a new version (v0.3.5) has been tagged.
Perhaps I'm doing something wrong, but I've still been unable to connect when using an RSA key (rsa-sha2-256, rsa-sha2-512) unless I turn on the deprecated -oPubkeyAcceptedKeyTypes=+ssh-rsa flag...
Step 1: Build the ssh-publickey example, with latest versions of gliderlabs/ssh and x/crypto
cd /tmp/test
git clone https://github.com/gliderlabs/ssh/
cd ssh/_examples/ssh-publickey
go mod init github.demo/_examples/ssh-publickey
go get github.com/gliderlabs/ssh@latest
go get golang.org/x/crypto@latest
go build .
./ssh-publickey
Step 2: Then test connecting with an RSA key:
cd /tmp/test
ssh-keygen -q -t rsa -N "" -f test-key-rsa
ssh -F /dev/null -oStrictHostKeychecking=no -oUserKnownHostsFile=/dev/null \
-oPubkeyAcceptedKeyTypes=-ssh-rsa -i ./test-key-rsa localhost -p 2222
### output: "user@localhost: Permission denied (publickey)."
Step 3: Rebuild ssh-publickey with rmohr/crypto fork of x/crypto
cd /tmp/test/ssh/_examples/ssh-publickey
# edit go.mod
Add this line to go.mod, after
replace golang.org/x/crypto => github.com/rmohr/crypto v0.0.0-20211203105847-e4ed9664ac54
Download the replacement package with:
go get
go build .
./ssh-publickey
Final Step: Repeat test ssh connection
cd /tmp/test
ssh -F /dev/null -oStrictHostKeychecking=no -oUserKnownHostsFile=/dev/null \
-oPubkeyAcceptedKeyTypes=-ssh-rsa -i ./test-key-rsa localhost -p 2222
Should work and the SSH key should be echoed
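Added example, not part of the thread and not code from gliderlabs/ssh, x/crypto or the rmohr fork: a simplified, standard-library-only model of the RFC 8332 signature check, showing why a client run with -oPubkeyAcceptedKeyTypes=-ssh-rsa fails against a server that only accepts the legacy signature name. The key type stays "ssh-rsa" while the signature blob names rsa-sha2-256 or rsa-sha2-512. The names Sign, Verify, digest, hashFor and demoKey are hypothetical, and the signed data is constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"
	_ "crypto/sha256"
	_ "crypto/sha512"
	"encoding/binary"
	"fmt"
)

// RFC 8332: the public key type stays "ssh-rsa"; only the signature algorithm name changes.
var hashFor = map[string]crypto.Hash{"ssh-rsa": crypto.SHA1, "rsa-sha2-256": crypto.SHA256, "rsa-sha2-512": crypto.SHA512}

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed for this example

func digest(h crypto.Hash, data []byte) []byte { d := h.New(); d.Write(data); return d.Sum(nil) }

// Sign builds the wire blob a client sends: string(algo) || string(signature); algo must be in hashFor.
func Sign(key *rsa.PrivateKey, algo string, data []byte) ([]byte, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, hashFor[algo], digest(hashFor[algo], data))
	blob := binary.BigEndian.AppendUint32(nil, uint32(len(algo)))
	blob = binary.BigEndian.AppendUint32(append(blob, algo...), uint32(len(sig)))
	return append(blob, sig...), err
}

// Verify parses the blob and checks it only if its algorithm name is one the server accepts.
func Verify(pub *rsa.PublicKey, blob, data []byte, accepted ...string) error {
	var f [2][]byte // f[0] = algorithm name, f[1] = raw RSA signature
	for i := range f {
		if len(blob) < 4 || uint64(len(blob)-4) < uint64(binary.BigEndian.Uint32(blob)) {
			return fmt.Errorf("truncated signature blob")
		}
		n := 4 + binary.BigEndian.Uint32(blob)
		f[i], blob = blob[4:n], blob[n:]
	}
	for _, a := range accepted {
		if h, ok := hashFor[a]; ok && a == string(f[0]) {
			return rsa.VerifyPKCS1v15(pub, h, digest(h, data), f[1])
		}
	}
	return fmt.Errorf("signature algorithm %q not accepted", f[0])
}

func main() {
	blob, _ := Sign(demoKey, "rsa-sha2-256", []byte("constructed session data"))
	fmt.Println(Verify(&demoKey.PublicKey, blob, []byte("constructed session data"), "ssh-rsa"))
}
```

Passing "rsa-sha2-256", "rsa-sha2-512" as the accepted names instead of "ssh-rsa" makes the same blob verify.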