ssh-rsa deprecated

Hi!

Now that ssh-rsa is not part of OpenSSH 8.8 and officially deprecated, I can't connect to an instance of rclone serve sftp:

$ rclone serve sftp b2:xyz --user xyz --pass xyz --addr 127.0.0.1:2020
$ sftp -P 2020 xyz@127.0.0.1
Unable to negotiate with 127.0.0.1 port 2020: no matching host key type found. Their offer: ssh-rsa

Yes, I can put this into my $HOME/.ssh/config and it works:

Host 127.0.0.1
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

But that's not a solution, it's just a workaround.

Will rclone support a stronger algorithm? Or does it already and I am just blind? If so, how to set it up?

Thanks!

I believe that's because the Go ssh package doesn't support it, I'd imagine:

There are numerous issues, as it would have to be fixed upstream if I'm not mistaken:

I think you should be able to use an ECDSA key - what keys do you have in your ssh keyring? ssh-add -L | awk '{print $1}' will tell you the types.

I think this is the Go upstream issue

I've just added an ECDSA key, but it's not helping:

$ ssh-add -L | awk '{print $1}'
ssh-rsa
ecdsa-sha2-nistp256
$ rclone serve sftp b2:xyz --user user --pass xyz --addr 127.0.0.1:2020
<5>NOTICE: Loaded 0 authorized keys from "/home/user/.ssh/authorized_keys"
<5>NOTICE: SFTP server listening on 127.0.0.1:2020
<3>ERROR : serve sftp 127.0.0.1:38384->127.0.0.1:2020: SSH login failed: ssh: no common algorithm for host key; client offered: [rsa-sha2-512-cert-v01@openssh.com rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512 rsa-sha2-256 ssh-ed25519-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ssh-ed25519-cert-v01@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 sk-ssh-ed25519@openssh.com sk-ecdsa-sha2-nistp256@openssh.com], server offered: [ssh-rsa]

Do you think I am doing something wrong?

Is the public part of that key in /home/user/.ssh/authorized_keys? Looking at the debug I'd say only the ssh-rsa key is in there, but I could be wrong!

Sorry, I looked and realized that authorized_keys didn't exist at all! Nonetheless, I copied the id_rsa.pub and id_ecdsa.pub inside it, but it didn't help.

$ rclone serve sftp b2: --user user --pass test --addr 127.0.0.1:2020
<5>NOTICE: Loaded 2 authorized keys from "/home/user/.ssh/authorized_keys"
<5>NOTICE: SFTP server listening on 127.0.0.1:2020
<3>ERROR : serve sftp 127.0.0.1:32920->127.0.0.1:2020: SSH login failed: ssh: no common algorithm for host key; client offered: [rsa-sha2-512-cert-v01@openssh.com rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512 rsa-sha2-256 ssh-ed25519-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ssh-ed25519-cert-v01@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 sk-ssh-ed25519@openssh.com sk-ecdsa-sha2-nistp256@openssh.com], server offered: [ssh-rsa]

Unless you have a different idea, I probably have to wait for a solution upstream.

Thinking a bit more about this, I think that's the wrong key; we need to change the private key of the server. Rclone normally generates an RSA key (cached here: ~/.cache/rclone/serve-sftp/id_rsa), however you can set this with

  --key stringArray                        SSH private host key file (Can be multi-valued, leave blank to auto generate)

So you could try creating an ECDSA key pair for the server

ssh-keygen -t ecdsa -f id_ecdsa
rclone serve -vv sftp --key id_ecdsa .

This seemed to work in my tests provoking an ECDSA key exchange.

Probably what rclone should do is generate an ECDSA key as well as an RSA key and load them both.
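An added helper, not from this thread or from rclone, that reads the "no common algorithm for host key" line logged above, lists the host key types the client would accept that the server is missing, and builds the ssh-keygen and rclone serve sftp --key arguments to add them. The function names are mine, and the mapping of algorithm names to ssh-keygen options is my assumption about OpenSSH's ssh-keygen.

```python
import re

# The exact failure line from this thread (split only for line length); it is the
# constructed sample input for the functions below.
SAMPLE_ERROR = (
    "<3>ERROR : serve sftp 127.0.0.1:38384->127.0.0.1:2020: SSH login failed: ssh: "
    "no common algorithm for host key; client offered: [rsa-sha2-512-cert-v01@openssh.com "
    "rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512 rsa-sha2-256 ssh-ed25519-cert-v01@openssh.com "
    "ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com "
    "ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ssh-ed25519-cert-v01@openssh.com "
    "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com ssh-ed25519 ecdsa-sha2-nistp256 "
    "ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 sk-ssh-ed25519@openssh.com "
    "sk-ecdsa-sha2-nistp256@openssh.com], server offered: [ssh-rsa]"
)

# Plain host key algorithm -> ssh-keygen options producing a key of that type (assumed).
# An RSA key can also sign as rsa-sha2-256/512 (RFC 8332), but the server in this thread
# advertised only the raw "ssh-rsa" name, so only exact name matches are counted.
KEYGEN_FOR = {
    "ssh-ed25519": ["-t", "ed25519"],
    "ecdsa-sha2-nistp256": ["-t", "ecdsa", "-b", "256"],
    "ecdsa-sha2-nistp384": ["-t", "ecdsa", "-b", "384"],
    "ecdsa-sha2-nistp521": ["-t", "ecdsa", "-b", "521"],
    "ssh-rsa": ["-t", "rsa"],
}

def parse_offers(line):
    """Return (client_offered, server_offered) from a 'no common algorithm' log line."""
    m = re.search(r"client offered: \[([^\]]*)\], server offered: \[([^\]]*)\]", line)
    if not m:
        raise ValueError("not a host key negotiation failure line")
    return m.group(1).split(), m.group(2).split()

def common_host_key_algos(line):
    """Algorithms both sides offered, in server preference order (empty means the handshake fails)."""
    client, server = parse_offers(line)
    return [a for a in server if a in client]

def host_key_types_to_generate(line):
    """Key types the client accepts that the server lacks, in the client's preference order."""
    client, server = parse_offers(line)
    return [a for a in client if a in KEYGEN_FOR and a not in server]

def keygen_command(algo, path):
    """ssh-keygen argv for a passphrase-less host key of the given algorithm at path."""
    return ["ssh-keygen"] + KEYGEN_FOR[algo] + ["-N", "", "-f", path]

def serve_args(remote, key_paths):
    """rclone serve sftp argv loading every given host key via the multi-valued --key flag."""
    return ["rclone", "serve", "sftp", remote] + [x for p in key_paths for x in ("--key", p)]
```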

I'm not sure I fully understand the problem

You are a genius, this worked! Pointing to the right ECDSA key with --key $HOME/.ssh/id_ecdsa does the trick beautifully. Much appreciated!

Excellent!

Would you mind opening a new issue on GitHub with a link to this thread in it? I think we should probably fix this properly in rclone - thank you!

Here you go. Thanks again!

