FS#72250 - [openssh] Fails to use loaded ssh keys
Attached to Project:
Arch Linux
Opened by Nils (Eka) - Monday, 27 September 2021, 09:38 GMT
Last edited by Jonas Witschel (diabonas) - Monday, 27 September 2021, 15:48 GMT
Details
Description:
With the latest version (openssh-8.8p1-1), I can't successfully connect to a remote repository with an ssh key. For example, with Atlassian, I get:

```
❯ ssh -Tv git@bitbucket.org
OpenSSH_8.8p1, OpenSSL 1.1.1l 24 Aug 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to bitbucket.org [2406:da00:ff00::22c3:9b0a] port 22.
debug1: Connection established.
debug1: identity file ~/.ssh/id_rsa type 0
debug1: identity file ~/.ssh/id_rsa-cert type -1
debug1: identity file ~/.ssh/id_dsa type -1
debug1: identity file ~/.ssh/id_dsa-cert type -1
debug1: identity file ~/.ssh/id_ecdsa type -1
debug1: identity file ~/.ssh/id_ecdsa-cert type -1
debug1: identity file ~/.ssh/id_ecdsa_sk type -1
debug1: identity file ~/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file ~/.ssh/id_ed25519 type -1
debug1: identity file ~/.ssh/id_ed25519-cert type -1
debug1: identity file ~/.ssh/id_ed25519_sk type -1
debug1: identity file ~/.ssh/id_ed25519_sk-cert type -1
debug1: identity file ~/.ssh/id_xmss type -1
debug1: identity file ~/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version conker_9184038cdb f6f230eaa11d
debug1: compat_banner: no match: conker_9184038cdb f6f230eaa11d
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: load_hostkeys: fopen ~/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 2406:da00:ff00::22c3:9b0a port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
```

But it works fine with the previous version. The agent is loaded in both cases.
Closed by Jonas Witschel (diabonas)
Monday, 27 September 2021, 15:48 GMT
Reason for closing: Not a bug
Additional comments about closing: Upstream has disabled the ssh-rsa algorithm (using SHA-1 signatures) by default, cf. https://www.openssh.com/txt/release-8.8 for an explanation and a possible workaround.
See also https://www.openssh.com/legacy.html
```
Host bitbucket.org
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
```
Looks like that's not a bug and the task should be closed. Maybe some warning message on the front page of archlinux.org would prevent people from reporting ssh connection issues as a bug...
> We recommend enabling RSA/SHA1 only as a stopgap measure
> until legacy implementations can be upgraded or reconfigured
> with another key type (such as ECDSA or Ed25519).
Interestingly enough, new keys generated using `ssh-keygen` without the `-t` flag on this version are still generated using RSA. Can we have it default to ed25519 instead?
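
A triage helper for the failure in this report, as an added example that is not part of the ticket or of OpenSSH: it reads `ssh -v` output, extracts the server's host key offer, and prints the host-scoped override from the comments above only when the server offers nothing but SHA-1 types. The function names and verdict strings are assumptions made for this example; the sample input is the failure line from the report.

```shell
#!/bin/sh
# Added example (not from the ticket). Function names and verdict strings are
# hypothetical; only the option names and the sample line come from the page.

# Read `ssh -v` output on stdin and classify the first "Their offer:" list.
classify_offer() {
    offer=$(sed -n 's/^.*no matching host key type found\. Their offer: *//p' \
            | head -n 1 | tr -d ' \r')
    if [ -z "$offer" ]; then
        echo "no-hostkey-failure"
        return 0
    fi
    has_rsa_sha1=no
    has_other=no
    old_ifs=$IFS
    IFS=,
    for alg in $offer; do
        case $alg in
            ssh-rsa) has_rsa_sha1=yes ;;  # RSA with SHA-1, disabled by default in 8.8
            ssh-dss) ;;                   # legacy as well; +ssh-rsa does not enable it
            *)       has_other=yes ;;     # e.g. rsa-sha2-256, ssh-ed25519
        esac
    done
    IFS=$old_ifs
    if [ "$has_other" = yes ]; then
        echo "client-config-too-strict"   # server has non-SHA-1 types: fix local config
    elif [ "$has_rsa_sha1" = yes ]; then
        echo "legacy-sha1-only"           # the case in this report
    else
        echo "dss-only"
    fi
}

# Print the override for one host only, never for `Host *`.
scoped_stanza() {
    printf 'Host %s\n    HostkeyAlgorithms +ssh-rsa\n    PubkeyAcceptedAlgorithms +ssh-rsa\n' "$1"
}

# $1 = host name for the stanza; stdin = `ssh -v` output.
triage() {
    verdict=$(classify_offer)
    echo "$verdict"
    [ "$verdict" = legacy-sha1-only ] && scoped_stanza "$1"
    return 0
}

# Sample input: the two failure lines from the report's debug output.
SAMPLE='debug1: kex: host key algorithm: (no match)
Unable to negotiate with 2406:da00:ff00::22c3:9b0a port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss'
printf '%s\n' "$SAMPLE" | triage bitbucket.org
```

Keeping the stanza scoped to the one host leaves the 8.8 default in force for every other server, in line with the upstream advice to treat RSA/SHA-1 as a stopgap.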