Open gwellington opened 2 years ago
There's a workaround for this:
we can either add the flag -oPubkeyAcceptedAlgorithms=+ssh-rsa-cert-v01@openssh.com
to the ssh command or to its config as described here: https://github.com/gravitational/teleport/issues/10918
@jakule is this still an issue?
@jakule is this still an issue?
I'll retest on Tuesday and let you know.
Tested today and appears to still be an issue.
CC @r0mant
@zmb3 Can you share more details about the environment you were testing "today"?
The compatibility with newer type of certificates should be implemented if not yet done, and if it's done clearly point on documentation how can we change the server or client configuration to use newer version of certificates and not obsolete RSA-CERT please.
Description
What happened: When using OpenSSH (OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021), SSH fails to proxy via the Teleport proxy server with the following error:
When using a non-OpenSSL/older version (OpenSSH_8.1p1, LibreSSL 2.7.3) of SSH, everything connects fine.
What you expected to happen: Teleport to support multiple version of OpenSSH versions.
Reproduction Steps
As minimally and precisely as possible, describe step-by-step how to reproduce the problem.
brew install openssh
ssh -o "ProxyCommand ssh -o StrictHostKeyChecking=no -p 3023 teleport.proxy.com -s proxy:%h:%p" -i ssh-key user@address
Server Details
teleport version
): 7.3.13/etc/os-release
): CentOS 7Client Details
tsh version
): Teleport v7.1.0 git:v7.1.0-0-gb52a7d89f go1.16.2Debug Logs
Please include or attach debug logs, when appropriate. Obfuscate sensitive information!
teleport --debug
)tsh --debug
)