[SOLVED] ssh-rsa keys disabled - when?

Started by Patrick M. Hausen, December 15, 2021, 10:18:32 PM

December 15, 2021, 10:18:32 PM Last Edit: December 16, 2021, 09:11:30 AM by pmhausen
Hi all,

I have been searching my eyes out of their sockets for hours since either the 21.7.6 or the 21.7.5 update. My Vagrant project that I use for development would provision the OPNsense just fine, then on subsequent "vagrant up" runs fail to connect with:

    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
...

"vagrant ssh" works fine, though. That's the really puzzling part.

By using a manual ssh into the box while the startup routine was hanging/retrying, reconfiguring sshd for a debug log and restarting, I found:

    Dec 15 21:00:21 OPNsense sshd[12994]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]


So ... what the ...?

Why does the key not work at startup but subsequent logins work? The first of course breaks the NFS mounts and other configuration Vagrant does on startup. I am not quite sure what is actually happening, here.

Any hints greatly welcome.
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Hi Patrick,

We did defer the OpenSSH updates until a vulnerability forced us to include it in 21.7.5, see

https://github.com/opnsense/changelog/blob/master/community/21.7/21.7.5#L7-L10 and https://www.openssh.com/txt/release-8.8 section "Potentially-incompatible changes".


Cheers,
Franco

Looks like a Vagrant issue after all. Thanks.

https://github.com/hashicorp/vagrant/issues/12344
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
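
A triage sketch for the sshd message quoted in the first post, added here as an example and not code from the thread, OPNsense or Vagrant: it groups sshd log lines by PID and reports connections where a public-key algorithm was refused, and whether that same connection still authenticated. Every sample line except the quoted one is constructed, and treating one sshd PID as one connection is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the first line is the message quoted in the thread,
# the rest are made-up sessions in the same syslog layout.
SAMPLE_LOG = """\
Dec 15 21:00:21 OPNsense sshd[12994]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Dec 15 21:00:25 OPNsense sshd[12994]: Connection closed by authenticating user vagrant 10.0.2.2 port 50112 [preauth]
Dec 15 21:03:02 OPNsense sshd[13120]: Accepted publickey for vagrant from 10.0.2.2 port 50140 ssh2: RSA SHA256:CONSTRUCTED-FINGERPRINT
Dec 15 21:05:40 OPNsense sshd[13207]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Dec 15 21:05:40 OPNsense sshd[13207]: Accepted publickey for vagrant from 10.0.2.2 port 50155 ssh2: RSA SHA256:CONSTRUCTED-FINGERPRINT
"""

LINE_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
REJECT_RE = re.compile(
    r"userauth_pubkey: key type (?P<alg>\S+) not in PubkeyAcceptedAlgorithms"
)
ACCEPT_RE = re.compile(r"Accepted publickey for (?P<user>\S+) from (?P<src>\S+)")


def summarize(log_text):
    """Return {pid: {"rejected": [algs], "accepted": bool}} for every sshd
    connection (assumed: one PID per connection) that logged a refusal."""
    sessions = defaultdict(lambda: {"rejected": [], "accepted": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd line
        session = sessions[m["pid"]]
        rejected = REJECT_RE.search(m["msg"])
        if rejected:
            if rejected["alg"] not in session["rejected"]:
                session["rejected"].append(rejected["alg"])
        elif ACCEPT_RE.search(m["msg"]):
            session["accepted"] = True
    # Only connections that hit the algorithm check are of interest here.
    return {pid: s for pid, s in sessions.items() if s["rejected"]}


if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG).items():
        outcome = "later authenticated" if s["accepted"] else "never authenticated"
        print(f"sshd[{pid}]: rejected {', '.join(s['rejected'])}; {outcome}")
```

Connections that were refused and never authenticated point at clients that only offer the `ssh-rsa` signature algorithm, which is the change listed under "Potentially-incompatible changes" in the OpenSSH 8.8 release notes linked above.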