Support Modern Host Keys in Metal SOS console
complete
F
Florian Klink
A recent openssh upgrade removed ssh-rsa from the default list of HostkeyAlgorithms, due to security concerns. See https://levelup.gitconnected.com/demystifying-ssh-rsa-in-openssh-deprecation-notice-22feb1b52acd
This means the one-liner to access the SOS console currently fails:
Unable to negotiate with 145.40.79.87 port 22: no matching host key type found. Their offer: ssh-rsa
I need to manually invoke ssh with the -oHostkeyAlgorithms=+ssh-rsa parameter.
sos.*.platformequinix.com should support more modern host keys, so this works by default again (and is more secure)
S
Sal Carrasco
complete
The SOS console has now been updated to support modern host keys. Users should no longer see the "no matching host key type found" error.
A
Alexander Tessmer
Any update on this? SHA-1 is now considered cryptographically insecure.
Sal Carrasco
Setting this one back to "Under Review" as I am seeing that it is still valid. I was able to replicate what Florian Klink provided, we will be reviewing shortly. Please stay tuned.
Unable to negotiate with 145.40.76.147 port 22: no matching host key type found. Their offer: ssh-rsa
Sal Carrasco
under review
Bob Fraser
in progress