Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssh 8.8 not working anymore #62

Open
wastez opened this issue Jan 21, 2022 · 11 comments
Open

openssh 8.8 not working anymore #62

wastez opened this issue Jan 21, 2022 · 11 comments

Comments

@wastez
Copy link

wastez commented Jan 21, 2022
edited
Loading

Hello,

On new opnsense it is not possible to sync anymore because in the last versions openssh 8.8 ist used and they removed ssh-rsa in PubkeyAcceptedAlgorithms.

Is there a way to make it working again?
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
@wastez
Copy link
Author

wastez commented Mar 16, 2022

Would it be possible to implement the new libssh2

@wastez
Copy link
Author

wastez commented Sep 27, 2022

Would it be possible to implement it?

@thomas-pike
Copy link
Collaborator

Is there a PHP library for it?

@wastez
Copy link
Author

wastez commented Oct 5, 2022

As far as i know the latest libssh2 can do this.

@antonzhelyazkov
Copy link

antonzhelyazkov commented Nov 25, 2022
edited
Loading

I have the same issue when I try to sync keys with AlmaLinux 9.1

Nov 25 09:03:33 qwe sshd[21187]: debug1: do_cleanup [preauth]
Nov 25 09:03:33 qwe sshd[21187]: debug1: monitor_read_log: child log fd closed
Nov 25 09:03:33 qwe sshd[21189]: debug1: userauth-request for user root service ssh-connection method publickey [preauth]
Nov 25 09:03:33 qwe sshd[21189]: debug1: attempt 0 failures 0 [preauth]
Nov 25 09:03:33 qwe sshd[21187]: debug1: do_cleanup
Nov 25 09:03:33 qwe sshd[21187]: debug1: PAM: cleanup
Nov 25 09:03:33 qwe sshd[21187]: debug1: Killing privsep child 21188
Nov 25 09:03:33 qwe sshd[21189]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Nov 25 09:03:33 qwe sshd[21189]: debug1: PAM: initializing for "root"
Nov 25 09:03:33 qwe sshd[21189]: debug1: PAM: setting PAM_RHOST to "10.10.10.10"
Nov 25 09:03:33 qwe sshd[21189]: debug1: PAM: setting PAM_TTY to "ssh"
Nov 25 09:03:33 qwe sshd[21189]: Received disconnect from 10.10.10.10 port 56792:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth]
Nov 25 09:03:33 qwe sshd[21189]: Disconnected from authenticating user root 10.10.10.10 port 56792 [preauth]

I tried with adding

PubkeyAcceptedKeyTypes=+ssh-rsa

but it fails again

When I try to execute on command line from SKA server:

ssh keys-sync@my.dst.server -i /path/private/key/keys-sync

it connects successfully

Any ideas?

@wastez
Copy link
Author

wastez commented Nov 29, 2022
edited
Loading

To execute ssh is not the same because a php Library called libssh2 is used.
As far as i now libssh2 already could to this but it need to be implemented.

In the meantime you can activate ssh-rsa on the client side.

You have to set these two settings on the client side:

PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa

@wastez
Copy link
Author

wastez commented Nov 8, 2023

Hello.

I complied the last version of libssh2 and edited your code to work with devices which aren't ssh-rsa.
If you like to have the changes just inform me.

Thanks & Greets

@antonzhelyazkov
Copy link

Sure :)
It will be great if SKA works with such a devices.

@40417256
Copy link

ED22519 is the way to go for the time being.

@antonzhelyazkov
Copy link

libssh2

it works thank you

@wastez
Copy link
Author

wastez commented Nov 17, 2023

Yes but to work with old devices too the code should be edited.
Sorry was really busy this week....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@wastez @antonzhelyazkov @thomas-pike @40417256