Author Topic: [SOLVED] ssh-rsa keys disabled - when? (Read 5092 times)

Patrick M. Hausen · « **on:** December 15, 2021, 10:18:32 pm »

Hi all,

I have been searching my eyes out of their sockets for hours since either the 21.7.6 or the 21.7.5 update. My Vagrant project that I use for development would provision the OPNsense just fine, then on subsequent "vagrant up" runs fail to connect with:

default: Warning: Authentication failure. Retrying...
default: Warning: Authentication failure. Retrying...
...

"vagrant ssh" works fine, though. That's the really puzzling part.

By using a manual ssh into the box while the startup routine was hanging/retrying, reconfiguring sshd for a debug log and restarting, I found:

Dec 15 21:00:21 OPNsense sshd[12994]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

So ... what the ...?

Why does the key not work at startup but subsequent logins work? The first of course breaks the NFS mounts and other configuration Vagrant does on startup. I am not quite sure what is actually happening, here.

Any hints greatly welcome.
Patrick

franco · « **Reply #1 on:** December 16, 2021, 07:52:18 am »

Hi Patrick,

We did defer the OpenSSH updates until a vulnerability forced us to include it in 21.7.5, see

https://github.com/opnsense/changelog/blob/master/community/21.7/21.7.5#L7-L10 and https://www.openssh.com/txt/release-8.8 section "Potentially-incompatible changes".

Cheers,
Franco

Patrick M. Hausen · « **Reply #2 on:** December 16, 2021, 09:11:04 am »

Looks like a Vagrant issue after all. Thanks.

https://github.com/hashicorp/vagrant/issues/12344

Author Topic: [SOLVED] ssh-rsa keys disabled - when? (Read 5092 times)

Patrick M. Hausen

[SOLVED] ssh-rsa keys disabled - when?

franco

Re: ssh-rsa keys disabled - when?

Patrick M. Hausen

Re: ssh-rsa keys disabled - when?