Can you use ed25519 algo and make rsa deprecated

Question

Can you use ed25519 algo and make rsa deprecated

Elrondo46 opened this issue 3 years ago · 10 comments

ssh-rsa is the default option for host keys in your tool, can you make ed25519 as default algo. RSA is deprecated in 2021

Answer 1 · 2021-11-10T07:47:21.000Z

It's just rsa with sha-1 that is deprecated in 2021.
You can safely use SHA-2 rsa algorithm.

Answer 2 · 2022-02-21T22:43:46.000Z

Unfortunately many clients reject connecting also with SHA-2 rsa with complaining

no matching host key type found. Their offer: ssh-rsa

as this algorithm fell of the clients acceptable connections. Making ed25519 default would also be highly appreciated on our side as we receive many client complaints.

Answer 3 · 2022-02-22T08:20:02.000Z

Unfortunately many clients reject connecting also with SHA-2 rsa with complaining

no matching host key type found. Their offer: ssh-rsa

as this algorithm fell of the clients acceptable connections. Making ed25519 default would also be highly appreciated on our side as we receive many client complaints.

You can add the following option to your SSH client : -oHostKeyAlgorithms=+ssh-rsa

But if you can't add this option, you can create the file at path $HOME/.ssh/config
and adding the following using your own ip :

Host nas
  HostName 192.168.x.x
  HostKeyAlgorithms=+ssh-rsa

~~Some client won't take this file but that tell you that's a bad client ^^~~

Answer 4 · 2022-02-25T23:06:30.000Z

Unfortunately many clients reject connecting also with SHA-2 rsa with complaining

no matching host key type found. Their offer: ssh-rsa

as this algorithm fell of the clients acceptable connections. Making ed25519 default would also be highly appreciated on our side as we receive many client complaints.

do you mean make -i /etc/ssh/ssh_host_rsa_key default?

Answer 5 · 2022-03-09T00:31:02.000Z

Regardless of default, it seems that ssh-rsa is the only accepted host key algorithm for rsa host key. This is causing failures with newer versions of openssh-client (I believe it's anything after 8.8), with the error client_global_hostkeys_private_confirm: server gave bad signature for RSA key 0

Is there a way to configure a different set of allowed algorithms? Have been digging in to see if I can find where this is set, but no luck so far.

Looks to be related to this: golang/go#37278

Answer 6 · 2022-03-09T17:47:11.000Z

Poked around in sshpiper.crypto a bit and realized that the primary changes to support SHA256 and SHA512 signing with RSA keys is already merged in from upstream, there just hasn't been a new tag made since 2020.

Tested a build of sshpiper with go.mod pointed to the latest commit of sshpiper.crypto, and confirmed that it does now select SHA512 instead of SHA1 with an RSA host key.

Answer 7 · 2022-03-09T18:32:14.000Z

@bhperry latest master is always using latest sshpiper.crypto
which version are you using?

Answer 8 · 2022-03-09T19:05:32.000Z

Oh, right you are. Working off of a fork of sshpiper, so we're a bit out of sync with master. Thanks!

Answer 9 · 2022-03-10T05:40:26.000Z

@bhperry thanks for confirming. grpc driver would decouple the logic and sshpiper
let me know if it could help to get rid of your private build

Answer 10 · 2022-03-10T15:53:58.000Z

Fork was for something else. These PRs my colleague made
#77
pockost/sshpipe-k8s-lib#1

Would like to merge our forks if you have the time to review. Happy to get up to date with master and reopen the PRs.