Support Modern Host Keys in Metal SOS console
complete
F
Florian Klink
A recent openssh upgrade removed ssh-rsa from the default list of HostkeyAlgorithms, due to security concerns. See https://levelup.gitconnected.com/demystifying-ssh-rsa-in-openssh-deprecation-notice-22feb1b52acd
This means the one-liner to access the SOS console currently fails:
Unable to negotiate with 145.40.79.87 port 22: no matching host key type found. Their offer: ssh-rsa
I need to manually invoke ssh with the -oHostkeyAlgorithms=+ssh-rsa parameter.
sos.*.platformequinix.com should support more modern host keys, so this works by default again (and is more secure)
S
Sal Carrasco
marked this post as
complete
The SOS console has now been updated to support modern host keys. Users should no longer see the "no matching host key type found" error.
A
Alexander Tessmer
Any update on this? SHA-1 is now considered cryptographically insecure.
Sal Carrasco
Setting this one back to "Under Review" as I am seeing that it is still valid. I was able to replicate what Florian Klink provided, we will be reviewing shortly. Please stay tuned.
Unable to negotiate with 145.40.76.147 port 22: no matching host key type found. Their offer: ssh-rsa
Sal Carrasco
marked this post as
under review
Bob Fraser
marked this post as
in progress