Open dev-rowbot opened 2 years ago
Got same issue with upgraded node to Ubuntu 22.04. Node was working without issues on Ubuntu 20.04, last successful job right before the upgrade. Checking the same job after upgrade was failing. Access to node via ssh works from Rundeck server (Rundeck 4.5.0), but not via job. Adding suggested fix in sshd_config solved the issue for me. Thanks @dev-rowbot
@dev-rowbot have you tried using the SSHJ Node executor plugin?
https://github.com/rundeck-plugins/sshj-plugin#sshj-plugin-rundeck-plugin
Since we've been upgrading our servers to Debian 12 we have been seeing this error more and more. It seems Debian 12 has dropped support for RSA keys by default, which I believe is a sensible thing to do as using RSA keys is increasingly discouraged. As Rundeck only supports RSA and DSA key types, this requires negating this security measure by re-enabling support for RSA keys.
Supporting ED25519 would certainly be a welcome update to Rundeck!
I've been thinking of asking for rundeck enterprise where I work. I use a community version of rundeck for just a few restart jobs that unskilled people need to occasionally 'click the button'. But if there is no support for anything besides rsa there is no point.
rsa is deprecated in rhel8 and disabled for small key completely. rsa is completely disabled in rhel9.
Get off your butts and get ed25519 support before other companies evaluating rundeck decide to not use it.
Hi @Matthew-Jenkins ,
The SSHJ node executor supports ed25519 keys. Please change the project node executor to SSHJ.
Hi, I have also hit this same problem where I have a rundeck system setup on linux 7.9 and we have a couple of new linux 9 VM's which I need to introduce into rundeck. Hitting the same error: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] Before I go to the trouble of downloading and troubleshooting the installation of the SSHJ plugin, can you please confirm this is the correct solution? There is not much doc about how to setup the plugin. Any advice would be appreciated. I plan on setting up a separate project for all jobs to run against the linux 9 VM's so I can configure the project to use this plugin. I have no idea if I am on the right path here. Regards Lorraine
The SSHJ plugin, which is the default SSH executor now, does support modern key types like ed25519. These types are preferred by the more recent versions of Linux distros, so yes, this would fix the issue. However, there is a bug in the new SSHJ-SCP file copier that has yet to be fixed: https://github.com/rundeck/rundeck/issues/8507. For me, this is a show stopper as it breaks a lot of our scripts. It might not affect your installation, however.
Describe the bug I am running Rundeck 4.2.1 in Kubernetes and when I try execute a job using the SSH connector I get the error
I know the SSH key works because I can ssh from Kubernetes pod to the bastion server using the same key. I did have an issue with the key previously due to the format but I regenerated the key using this command
The full log is as follows:
I added this to my project config to try force
publickey
and disable strict host key checkingThe error is caused by the version of sshd running on my Ubuntu instance (22.04). In the
/var/log/auth.log
I noticed thisThe fix for the issue is to add this to
/etc/ssh/sshd_config
My Rundeck detail
To Reproduce As per the bug description
Expected behavior SSh Should work without any changes required in the sshd_config file in ubuntu.