spider-gazelle / ssh2.cr

libssh2 binding for Crystal language
MIT License

"userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms" #16

Open vitobotta opened 1 year ago

vitobotta commented 1 year ago

Hi! I built a tool to create Kubernetes clusters in Hetzner Cloud (https://github.com/vitobotta/hetzner-k3s) and I use your library to interact with servers :)

Some users are having problems with some SSH keys, and I tracked it down to Ubuntu 22.04 refusing some keys with old crypto and I see these lines in /var/log/auth.log

Jan 11 21:10:16 test-cpx11-master1 sshd[2296]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

The weird thing is that if I use the same SSH keys with the regular SSH client for example on Mac, I can SSH into the servers without any issue. But with the Crystal app using this library I cannot SSH into the servers because of that error.

Is there a workaround or does the library need to be updated somehow? Thanks!

vitobotta commented 1 year ago

Looks like this library still uses SHA-1 which is now deprecated

https://github.com/spider-gazelle/ssh2.cr/blob/e2df13cfca9ba10ae726d8ff6134a90c5dc4f82d/src/session.cr#L204

stakach commented 1 year ago

Thanks for letting me know, I'll look into it

vitobotta commented 1 year ago

> Thanks for letting me know, I'll look into it

Awesome, thanks! I bet that many tools will break because of the SHA1 deprecation :)

stakach commented 1 year ago

Yeah, saw a bunch of similar issues in Go projects. I've made a pull request https://github.com/spider-gazelle/ssh2.cr/pull/17 that should fix the issue.

Are you able to test with your project? The Docker image I had for testing has been removed from Docker Hub and I'm still looking for the Dockerfile.

vitobotta commented 1 year ago

Hi @stakach I am still new to Crystal in general. How do I test with the code in your PR? Can I specify it somehow in the shards file?

stakach commented 1 year ago

Yeah, you can specify a branch in the shards yml, something like:

  ssh2.cr:
    github: spider-gazelle/ssh2.cr
    branch: upgrade-default-hash-alg

vitobotta commented 1 year ago

Hi! I just tried and I still get userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms in the server's logs. With the regular SSH client I can log in with the same key. I actually tried basically the same change you made in a fork before, so same result. Any idea of what else might need to be updated?

For the time being to unblock users of my tool I am going to add PubkeyAcceptedKeyTypes=+ssh-rsa to the SSH config for the servers it creates, which seems to work as a temporary workaround.

vitobotta commented 1 year ago

Hi @stakach I am trying again. Just to make sure I am not missing anything, is it enough to add the branch to shards.yaml and run shards update or do I need to do something else? Thanks

stakach commented 1 year ago

Yeah I think so, can have a look at the files and make sure the changes in the branch are present

vitobotta commented 1 year ago

Hi, sorry for the late reply. I tried but it didn't help, unfortunately. What could be the problem? I am not familiar enough with how keys work, etc.

GrantBirki commented 6 months ago

@stakach I'm still getting this same issue userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

GrantBirki commented 6 months ago

Update: I was able to fix my problems by updating the SSH configuration on the server I was trying to SSH into with this Crystal library:

If you are trying to execute remote SSH commands and see userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] in your logs, try this:

Edit: /etc/ssh/sshd_config

sudo nano /etc/ssh/sshd_config

Add the following line:

PubkeyAcceptedAlgorithms +ssh-rsa

Restart the ssh service:

sudo service ssh restart
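
The two server-side signals discussed in this thread, as an added example (not written by any commenter and not part of ssh2.cr): a POSIX shell script that counts the sshd rejections in auth.log-style input and lists the sshd_config lines that re-enable ssh-rsa, so the workaround can be tracked as the temporary exception it was described as. The function names are hypothetical, the host names, log lines and config fragment are constructed, and the log parser assumes the classic syslog layout with the host name in field 4.

```shell
# Added example (not from the thread). All sample data is constructed.
# Count sshd pubkey rejections per host (syslog field 4) and algorithm; matches
# both variants quoted in the thread ("key type X" and "signature algorithm X").
count_rejections() {
  awk '
    /sshd\[[0-9]+\]: userauth_pubkey: (key type|signature algorithm) [^ ]+ not in PubkeyAcceptedAlgorithms/ {
      for (i = 2; i < NF; i++)
        if ($i == "not" && $(i + 1) == "in") n[$4 " " $(i - 1)]++
    }
    END { for (k in n) print n[k], k }' | sort
}

# Print "lineno: line" for sshd_config lines that re-enable ssh-rsa (the
# workaround from the thread). Handles "Key value" and "Key=value", any
# keyword case and the older PubkeyAcceptedKeyTypes name; wildcard patterns
# are not expanded.
find_ssh_rsa_overrides() {
  awk '
    /^[ \t]*#/ { next }
    {
      line = $0; sub(/^[ \t]+/, "", line)
      key = line; sub(/[ \t=].*$/, "", key); k = tolower(key)
      if (k != "pubkeyacceptedalgorithms" && k != "pubkeyacceptedkeytypes") next
      val = substr(line, length(key) + 1)
      gsub(/^[ \t=]+|[ \t]+$/, "", val)
      if (val ~ /^-/) next            # "-list" removes algorithms
      sub(/^[+^]/, "", val)           # "+list" appends, "^list" prepends
      m = split(val, a, ",")
      for (i = 1; i <= m; i++) if (a[i] == "ssh-rsa") { print NR ": " $0; next }
    }'
}

sample_auth_log() { cat <<'EOF'
Jan 11 21:10:16 node-a sshd[2296]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Jan 11 21:10:19 node-a sshd[2301]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Jan 11 21:11:02 node-b sshd[811]: Accepted publickey for root from 192.0.2.10 port 50122 ssh2: ED25519 SHA256:constructed
Jan 11 21:12:40 node-b sshd[830]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
EOF
}
sample_sshd_config() { cat <<'EOF'
# constructed sshd_config fragment
#PubkeyAcceptedAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes=+ssh-rsa
pubkeyacceptedalgorithms -ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa,rsa-sha2-512
EOF
}

sample_auth_log | count_rejections; sample_sshd_config | find_ssh_rsa_overrides
```

On a live server, `sshd -T` prints the effective configuration, which also covers Include files that a single-file scan misses.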