You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I recently updated my BOA environment to release # 4.1.4-rel.
After successfully updating the system, the next time I attempted to SSH into the server, my root's SSH keys were refused.
Upon further investigation, I found that the issue is related to the included update of the OpenSSH server to release 8.8. As you can see by looking at these release notes: https://www.openssh.com/txt/release-8.8
This release disables RSA signatures using the SHA-1 hash algorithm
by default.
While I was able to regain access to the server using one of the newer and approved algorithms for OpenSSH 8.8. I then ran into an issue when I attempted to run the "barracuda up-stable" command.
ERROR: BOA requires working SSH (RSA) keys for system root present
ERROR: Please add and test your SSH (RSA) keys for root account
ERROR: before trying again
It appears that the current script does not take into account the use of the newer and more secure algorithms recommended by the updated OpenSSH software. While it does appear that it is technically possible to force the updated OpenSSH to use the older RSA key, it is highly discouraged according to their documentation.
Please make a note of this potential issue when performing the update process. (It can be a real pain to try and regain access to the system, especially without any sort of warning.)
It would also be ideal to have the script allow for other key types to be recognized as well so that it does not cause a potential block when updating. While also encouraging best security practices with newer and more advanced algorithms.
Thanks!
The text was updated successfully, but these errors were encountered:
I recently updated my BOA environment to release # 4.1.4-rel.
After successfully updating the system, the next time I attempted to SSH into the server, my root's SSH keys were refused.
Upon further investigation, I found that the issue is related to the included update of the OpenSSH server to release 8.8. As you can see by looking at these release notes: https://www.openssh.com/txt/release-8.8
While I was able to regain access to the server using one of the newer and approved algorithms for OpenSSH 8.8. I then ran into an issue when I attempted to run the "barracuda up-stable" command.
It appears that the current script does not take into account the use of the newer and more secure algorithms recommended by the updated OpenSSH software. While it does appear that it is technically possible to force the updated OpenSSH to use the older RSA key, it is highly discouraged according to their documentation.
Please make a note of this potential issue when performing the update process. (It can be a real pain to try and regain access to the system, especially without any sort of warning.)
It would also be ideal to have the script allow for other key types to be recognized as well so that it does not cause a potential block when updating. While also encouraging best security practices with newer and more advanced algorithms.
Thanks!
The text was updated successfully, but these errors were encountered: