Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

faq: add entry that explains SSH crypto change in F33 #220

Merged
merged 1 commit into from
Dec 17, 2020
Merged

faq: add entry that explains SSH crypto change in F33 #220

merged 1 commit into from
Dec 17, 2020

Conversation

dustymabe
Copy link
Member

No description provided.

@dustymabe dustymabe mentioned this pull request Dec 16, 2020
Closed
jlebon
jlebon approved these changes Dec 17, 2020
View reviewed changes
Copy link
Member

@jlebon jlebon left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor suggestions, but LGTM overall!

modules/ROOT/pages/faq.adoc Outdated
@@ -336,3 +336,44 @@ systemd:

For more information see
https://github.com/coreos/fedora-coreos-tracker/issues/519[the tracker issue discussion].

== After the rebase to Fedora 33 why does my tooling that uses SSH cease to work?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about something simpler like

Suggested change
== After the rebase to Fedora 33 why does my tooling that uses SSH cease to work?
== Why does SSH stop working after upgrading to Fedora 33?

?

modules/ROOT/pages/faq.adoc Outdated
Comment on lines 353 to 355
For example, GoLang has an https://github.com/golang/go/issues/37278[open issue]
to solve this problem in the GoLang stack, but has yet to resolve the
issue. This has been hit and worked around by the FCOS community in
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
For example, GoLang has an https://github.com/golang/go/issues/37278[open issue]
to solve this problem in the GoLang stack, but has yet to resolve the
issue. This has been hit and worked around by the FCOS community in
For example, Go has an https://github.com/golang/go/issues/37278[open issue]
to solve this problem in its SSH implementation, but has yet to resolve
it. This has been hit and worked around by the FCOS community in

?

modules/ROOT/pages/faq.adoc Outdated
- https://github.com/coreos/fedora-coreos-tracker/issues/699[coreos/fedora-coreos-tracker#699]
- https://github.com/coreos/coreos-assembler/issues/1772[coreos/coreos-assembler#1772]

If you run into this problem and need to workaround the issue you
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
If you run into this problem and need to workaround the issue you
If you run into this problem and need to work around the issue, you

modules/ROOT/pages/faq.adoc
If you run into this problem and need to workaround the issue you
have a few options:

- Switch to a newer non-RSA key type.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- Switch to a newer non-RSA key type.
- Switch to a newer non-RSA SHA-1 key type.

(RSA SHA-2 works, right?)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The RSA SHA2 keyex algo works, but using a non RSA key itself will workaround the problem entirely, which is what I'm trying to say here.

@dustymabe
Copy link
Member Author

Implemented most of your suggested changes! Thanks for the review.

@dustymabe dustymabe merged commit 5adcf40 into coreos:master Dec 17, 2020
bgilbert
bgilbert reviewed Dec 17, 2020
View reviewed changes
Copy link
Contributor

@bgilbert bgilbert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM generally.

modules/ROOT/pages/faq.adoc
You may hit issues if you use RSA keys and:

* use an old version of the `SSH` client
* use tooling/software libraries that don't support using RSA SHA2 host key signatures
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"public key signatures" would be clearer, since host keys aren't involved here.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the suggestion. Fix in #222

@adriangabura adriangabura mentioned this pull request Mar 29, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bgilbert bgilbert bgilbert left review comments

@jlebon jlebon jlebon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dustymabe @bgilbert @jlebon