omega8cc / boa

Barracuda Octopus Aegir 5.5.0-PRO
https://omega8.cc/compare

Query re non-rsa ssh keys #1830

Closed EdNett closed 2 weeks ago

EdNett commented 2 weeks ago

Hello,

We often use EdDSA and even ED25519 keys instead of rsa 4096 sha2, and boa doesn't accept them, forcing us to add an rsa key. If it's easy, could EdDSA and even ED25519 keys be "acceptable" also (so that an upgrade doesn't fail if those types of keys are used), since those keys are in the process of replacing rsa keys in many ways.

Best,

Ed

omega8cc commented 2 weeks ago

BOA has supported these keys for years. Not sure what your issue is?

ch5:~# ssh-keyscan -t ecdsa,ed25519 localhost
# localhost:22 SSH-2.0-OpenSSH_9.9
localhost ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCCdPCPQFLYoctJ1IfAqwvpdIT00WczrLDCVL5CxGAeFvYVNN9j7wZcUjPn/CxVySk2glsgJp8Tvz0HMMleTJSM=
# localhost:22 SSH-2.0-OpenSSH_9.9
localhost ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4eCiLyBxi7vVY4DIuTx3jAZ786ZyqtkWGRTNY50m/l
ch5:~#

EdNett commented 2 weeks ago

Hello, the issue is that if I have one of these ecdsa-sha2-nistp512 keys, for example, the barracuda up-lts won't run, telling me I need ssh keys, so I put in a 4096 rsa key and then the upgrade is allowed.

omega8cc commented 2 weeks ago

Ah, we didn't notice that because we normally have a set of three to be able to support legacy systems, so it works fine.

It looks like this:

~/.ssh/config

Host *
    IdentityFile ~/.ssh/id_ed25519
    IdentityFile ~/.ssh/id_ecdsa
    IdentityFile ~/.ssh/id_rsa

EdNett commented 2 weeks ago

Thank you - I'll go with ed25519 - that's very strong and very fast.
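
Added example, not part of the thread and not BOA's own check: a key-type-agnostic reader for `ssh-keyscan` or `.pub` lines that takes the algorithm name from inside the base64 blob instead of assuming RSA, and maps it to the matching `IdentityFile` from the config above. The function names and the `make_line` helper are hypothetical; the sample lines are the ed25519 line from the thread plus constructed ones.

```python
import base64
import struct

# Public-key type -> default private-key file, matching the IdentityFile
# entries in the ~/.ssh/config from the thread (type names are OpenSSH's).
KNOWN_TYPES = {
    "ssh-ed25519": "id_ed25519",
    "ecdsa-sha2-nistp256": "id_ecdsa",
    "ecdsa-sha2-nistp384": "id_ecdsa",
    "ecdsa-sha2-nistp521": "id_ecdsa",
    "ssh-rsa": "id_rsa",
}

# The ssh-ed25519 line from the ssh-keyscan output in the thread.
PAGE_ED25519 = ("localhost ssh-ed25519 "
                "AAAAC3NzaC1lZDI1NTE5AAAAIM4eCiLyBxi7vVY4DIuTx3jAZ786ZyqtkWGRTNY50m/l")


def embedded_type(blob_b64):
    """Read the length-prefixed algorithm name at the start of the blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    name = blob[4:4 + n]
    if n == 0 or len(name) != n:
        raise ValueError("truncated algorithm name")
    return name.decode("ascii")


def classify(line):
    """Return (key_type, default_file) for a keyscan or .pub style line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KNOWN_TYPES:
            inner = embedded_type(fields[i + 1])
            if inner != field:
                raise ValueError(f"declared {field} but blob says {inner}")
            return field, KNOWN_TYPES[field]
    raise ValueError("no supported key type on this line")


def make_line(declared, inner):
    """Build a constructed sample line with a dummy 32-byte key body."""
    blob = struct.pack(">I", len(inner)) + inner.encode() + bytes(32)
    return f"{declared} {base64.b64encode(blob).decode()} constructed@example"


if __name__ == "__main__":
    for sample in (PAGE_ED25519, make_line("ssh-rsa", "ssh-rsa")):
        print(classify(sample))
```
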