Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Old crypto. algorithms required (ssh-rsa with sha1) #93

Closed
vholer opened this issue Jul 1, 2022 · 2 comments
Closed

Old crypto. algorithms required (ssh-rsa with sha1) #93

vholer opened this issue Jul 1, 2022 · 2 comments

Comments

@vholer
Copy link
Contributor

vholer commented Jul 1, 2022

Looks to me the sshpiper relies on old SSH public key crypto. algorithms, which are/might be already disabled in current distributions:

E.g.,

$ ssh app1@localhost -p 2222 -vvv
...
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:XXX
debug1: send_pubkey_test: no mutual signature algorithm
...
debug1: No more authentication methods to try.
app1@localhost: Permission denied (publickey).

When I enable old ssh-rsa keys types, it works:

$ ssh app1@localhost -p 2222 -o 'PubkeyAcceptedKeyTypes +ssh-rsa' -vvv
...
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:XXX
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /root/.ssh/id_rsa RSA SHA256:XXX
...
app1-65fbd646-ln74g:~$

Since OpenSSH 8.2 (02/2020) the ssh-rsa is disabled. https://www.openssh.com/txt/release-8.2
@tg123
Copy link
Owner

tg123 commented Jul 1, 2022

same as in #80 ?

@tg123
Copy link
Owner

tg123 commented Jul 18, 2022

this is a client side behavior
ssh blocked ssh-rsa and did not even send anything to server

however, sshpiper is not blocking rsa at the moment

@tg123 tg123 closed this as not planned Won't fix, can't repro, duplicate, stale Jul 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tg123 @vholer