ssh-key-authority

openssh 8.8 not working anymore

Open wastez opened this issue 3 years ago • 12 comments

Hello,

On new OPNsense it is not possible to sync anymore because in the last versions OpenSSH 8.8 is used and they removed ssh-rsa in PubkeyAcceptedAlgorithms.

Is there a way to make it work again?

```
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
```

wastez avatar Jan 21 '22 09:01 wastez

Would it be possible to implement the new libssh2?

wastez avatar Mar 16 '22 09:03 wastez

Would it be possible to implement it?

wastez avatar Sep 27 '22 08:09 wastez

Is there a PHP library for it?

thomas-pike avatar Oct 02 '22 22:10 thomas-pike

As far as I know the latest libssh2 can do this.

wastez avatar Oct 05 '22 12:10 wastez

I have the same issue when I try to sync keys with AlmaLinux 9.1

```
Nov 25 09:03:33 qwe sshd[21187]: debug1: do_cleanup [preauth]
Nov 25 09:03:33 qwe sshd[21187]: debug1: monitor_read_log: child log fd closed
Nov 25 09:03:33 qwe sshd[21189]: debug1: userauth-request for user root service ssh-connection method publickey [preauth]
Nov 25 09:03:33 qwe sshd[21189]: debug1: attempt 0 failures 0 [preauth]
Nov 25 09:03:33 qwe sshd[21187]: debug1: do_cleanup
Nov 25 09:03:33 qwe sshd[21187]: debug1: PAM: cleanup
Nov 25 09:03:33 qwe sshd[21187]: debug1: Killing privsep child 21188
Nov 25 09:03:33 qwe sshd[21189]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Nov 25 09:03:33 qwe sshd[21189]: debug1: PAM: initializing for "root"
Nov 25 09:03:33 qwe sshd[21189]: debug1: PAM: setting PAM_RHOST to "10.10.10.10"
Nov 25 09:03:33 qwe sshd[21189]: debug1: PAM: setting PAM_TTY to "ssh"
Nov 25 09:03:33 qwe sshd[21189]: Received disconnect from 10.10.10.10 port 56792:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth]
Nov 25 09:03:33 qwe sshd[21189]: Disconnected from authenticating user root 10.10.10.10 port 56792 [preauth]
```

I tried with adding

```
PubkeyAcceptedKeyTypes=+ssh-rsa
```

but it fails again

When I try to execute on command line from SKA server:

```
ssh [email protected] -i /path/private/key/keys-sync
```

it connects successfully

Any ideas?

antonzhelyazkov avatar Nov 25 '22 14:11 antonzhelyazkov
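The rejection in the log above can be turned into an inventory of clients that still offer `ssh-rsa`, so they can be found and upgraded. This is an added example, not part of the original thread or the project's code: it correlates sshd lines by PID because, as in the quoted log, sessions interleave. The sample log is constructed from the lines in the comment above, and the function and pattern names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the sshd output quoted in the thread.
SAMPLE_LOG = """\
Nov 25 09:03:33 qwe sshd[21187]: debug1: do_cleanup [preauth]
Nov 25 09:03:33 qwe sshd[21189]: debug1: userauth-request for user root service ssh-connection method publickey [preauth]
Nov 25 09:03:33 qwe sshd[21189]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Nov 25 09:03:33 qwe sshd[21189]: Received disconnect from 10.10.10.10 port 56792:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth]
Nov 25 09:03:33 qwe sshd[21189]: Disconnected from authenticating user root 10.10.10.10 port 56792 [preauth]
Nov 25 09:04:10 qwe sshd[21300]: Accepted publickey for deploy from 10.10.10.20 port 40022 ssh2: ED25519 SHA256:constructed
Nov 25 09:05:02 qwe sshd[21411]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Nov 25 09:05:02 qwe sshd[21411]: Connection closed by authenticating user backup 10.10.10.30 port 51000 [preauth]
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
REJECTED = re.compile(
    r"userauth_pubkey: key type (?P<alg>\S+) not in PubkeyAcceptedAlgorithms")
PEER = re.compile(
    r"(?:Disconnected from|Connection closed by) authenticating user "
    r"(?P<user>\S+) (?P<ip>\S+) port \d+")
DISCONNECT = re.compile(
    r"Received disconnect from \S+ port \d+:\d+: (?P<reason>.*?)(?: \[preauth\])?$")


def rejected_key_clients(log_text):
    """Return one record per sshd session whose public key algorithm was refused."""
    sessions = defaultdict(dict)  # sshd PID -> fields collected for that session
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        info, msg = sessions[m["pid"]], m["msg"]
        if (r := REJECTED.search(msg)):
            info["algorithm"] = r["alg"]
        elif (p := PEER.search(msg)):
            info["user"], info["ip"] = p["user"], p["ip"]
        elif (d := DISCONNECT.search(msg)):
            info["client"] = d["reason"]  # disconnect text, e.g. the PECL/ssh2 string
    # Keep only sessions in which sshd actually refused the key algorithm.
    return [{"pid": pid, **info} for pid, info in sessions.items() if "algorithm" in info]


if __name__ == "__main__":
    for record in rejected_key_clients(SAMPLE_LOG):
        print(record)
```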

To execute ssh is not the same because a PHP library called libssh2 is used. As far as I know libssh2 could already do this, but it needs to be implemented.

In the meantime you can activate ssh-rsa on the client side.

You have to set these two settings on the client side:

```
PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa
```

wastez avatar Nov 29 '22 19:11 wastez

Hello.

I compiled the last version of libssh2 and edited your code to work with devices which aren't ssh-rsa. If you'd like to have the changes, just inform me.

Thanks & Greets

wastez avatar Nov 08 '23 14:11 wastez

Sure :) It will be great if SKA works with such devices.

antonzhelyazkov avatar Nov 08 '23 20:11 antonzhelyazkov

ED25519 is the way to go for the time being.

40417256 avatar Nov 11 '23 01:11 40417256

libssh2

It works, thank you.

antonzhelyazkov avatar Nov 17 '23 23:11 antonzhelyazkov

Yes, but to work with old devices too, the code should be edited. Sorry, I was really busy this week...

wastez avatar Nov 17 '23 23:11 wastez