ssh: support for new key algorithms rsa-sha2-256/rsa-sha2-512 #334
Comments
How about leaving out |
I will try when I am back home. Why must the address be an IP address instead of an allowed host in ~/.ssh/config? I cannot access this host without multiple jump hosts. |
@kke without keyPath
but the key is already added: `ssh-add -l | grep credentials/admin_rsa` |
removed |
Hmm, I wonder if it's actually trying to use the SSH_AUTH_SOCK, it should try it right after that error.

```go
_, err := os.Stat(c.KeyPath)
if err != nil && !c.keypathDefault {
	return err
}
if err == nil {
	var key []byte
	key, err = os.ReadFile(c.KeyPath)
	if err != nil {
		return err
	}
	signer, err := ssh.ParsePrivateKey(key)
	if err != nil {
		log.Errorf("can't parse keyfile %s: %s", c.KeyPath, err.Error()) // <-- the error comes from here
	} else {
		pubkeySigners = append(pubkeySigners, signer)
	}
}
sshAgentSock := os.Getenv("SSH_AUTH_SOCK") // <-- it should continue from here even with the error message
if sshAgentSock != "" {
	sshAgent, err := net.Dial("unix", sshAgentSock)
	if err != nil {
		log.Errorf("can't connect to SSH agent auth socket %s: %s", sshAgentSock, err)
	} else {
		signers, err := agent.NewClient(sshAgent).Signers()
		if err == nil {
			pubkeySigners = append(pubkeySigners, signers...)
		}
	}
}
```

Jump-hosts are possible via the "bastion" setting:

```yaml
spec:
  hosts:
  - role: controller
    ssh:
      address: 10.0.0.2
      user: ubuntu
      keyPath: ~/.ssh/id_rsa
      bastion:
        address: 10.0.0.1
        user: root
        keyPath: ~/.ssh/id_rsa2
```

Using named hosts from ~/.ssh/config is doable, but there may be some problems when k0sctl tries to use the address for figuring things out in the discovery phase. |
@kke To access the host I need two jump hosts. Maybe caused by golang/go#49952
Does this mean the key is rsa-sha2-256? |
I'll update the ssh library dependency, let's see what that does. |
One more reference bfritz/homelab-bootstrap@11fad69 Using alpine 3.15 |
This is the problem; after adding
to sshd_config, it works now. |
@kke still not fixed, x/crypto/ssh does not support rsa-sha2-256/rsa-sha2-512 according to golang/go#49952 |
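
Added example, not part of the thread and not code from k0sctl, rig or x/crypto/ssh: it models why an RSA key the agent lists can still be refused. In RFC 8332, rsa-sha2-256 and rsa-sha2-512 are signature algorithms over the same ssh-rsa key, so a client that can only produce the SHA-1 `ssh-rsa` signature fails against a server whose policy omits it. `sigHash`, `hashOf`, `Sign`, `ServerVerify` and the policy map are hypothetical names; the key and signed data are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1" // blank imports register the hashes used through crypto.Hash.New
	_ "crypto/sha256"
	_ "crypto/sha512"
	"fmt"
)

// RFC 8332: all three names sign with the same "ssh-rsa" key; only the hash differs.
var sigHash = map[string]crypto.Hash{
	"ssh-rsa": crypto.SHA1, "rsa-sha2-256": crypto.SHA256, "rsa-sha2-512": crypto.SHA512,
}

func hashOf(h crypto.Hash, data []byte) []byte {
	hh := h.New()
	hh.Write(data)
	return hh.Sum(nil)
}

// Sign is the client side: an RSASSA-PKCS1-v1_5 signature under the named algorithm.
func Sign(key *rsa.PrivateKey, algo string, data []byte) ([]byte, error) {
	h, ok := sigHash[algo]
	if !ok {
		return nil, fmt.Errorf("unknown signature algorithm %q", algo)
	}
	return rsa.SignPKCS1v15(rand.Reader, key, h, hashOf(h, data))
}

// ServerVerify models a server whose policy (accepted) lists allowed signature algorithms.
func ServerVerify(pub *rsa.PublicKey, accepted map[string]bool, algo string, data, sig []byte) error {
	h, ok := sigHash[algo]
	if !ok || !accepted[algo] {
		return fmt.Errorf("signature algorithm %q not accepted", algo)
	}
	return rsa.VerifyPKCS1v15(pub, h, hashOf(h, data), sig)
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	data := []byte("constructed session data")
	policy := map[string]bool{"rsa-sha2-256": true, "rsa-sha2-512": true} // constructed: SHA-1 off
	for _, algo := range []string{"ssh-rsa", "rsa-sha2-256"} {
		sig, _ := Sign(key, algo, data)
		fmt.Println(algo, "->", ServerVerify(&key.PublicKey, policy, algo, data, sig))
	}
}
```

The same key passes once the client signs with `rsa-sha2-256`; relabelling a SHA-1 signature as `rsa-sha2-256` does not verify.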
This will have to wait then, good thing there's a workaround. |
How about switching to this for now?
Enabling ssh-rsa is not good |
Whoops, merging the rig PR auto-closed this issue. |
Does https://github.com/k0sproject/k0sctl/releases/tag/v0.13.0-beta.7 fix it for you? |
Still doesn't work for me, at least on a Windows machine using the Microsoft OpenSSH Agent in CMD/PowerShell. Also tried Git Bash with the Git Bash SSH Agent but doesn't work either.
|
@Skaronator The log snippets you provided indicate that this is a different problem than the one described in this issue. The key you're trying to use is encrypted:
and hence k0sctl tries to connect without any means of authentication:
You already said that you tried with the Git Bash SSH Agent. Did you check if the Alternatively, instead of using your personal private key, you could generate a separate keypair, just for the provisioning of k0s hosts, and keep the private key of that keypair unencrypted. If the problem persists, feel free to open a new issue for that. |