SSH-RSA Keys broken after recent BOA update #1648

Open
ydnar79 opened this issue Apr 1, 2022 · 3 comments

ydnar79 commented Apr 1, 2022

I recently updated my BOA environment to release # 4.1.4-rel.

After successfully updating the system, the next time I attempted to SSH into the server, my root's SSH keys were refused.

Upon further investigation, I found that the issue is related to the included update of the OpenSSH server to release 8.8. As you can see by looking at these release notes: https://www.openssh.com/txt/release-8.8

This release disables RSA signatures using the SHA-1 hash algorithm
by default.

While I was able to regain access to the server using one of the newer and approved algorithms for OpenSSH 8.8, I then ran into an issue when I attempted to run the "barracuda up-stable" command.

ERROR: BOA requires working SSH (RSA) keys for system root present
ERROR: Please add and test your SSH (RSA) keys for root account
ERROR: before trying again

It appears that the current script does not take into account the use of the newer and more secure algorithms recommended by the updated OpenSSH software. While it does appear that it is technically possible to force the updated OpenSSH to use the older RSA key, it is highly discouraged according to their documentation.

Please make a note of this potential issue when performing the update process. (It can be a real pain to try and regain access to the system, especially without any sort of warning.)

It would also be ideal to have the script allow for other key types to be recognized as well, so that it does not cause a potential block when updating, while also encouraging best security practices with newer and more advanced algorithms.

Thanks!
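
A key-type-agnostic form of the check requested above, as an added example that is not BOA's code and not part of the original issue. The function names and the sample authorized_keys file are hypothetical, and the key blobs are constructed placeholders.

```shell
# Added example (not BOA code): count authorized_keys entries by key type so a
# pre-upgrade check can accept any OpenSSH key type instead of requiring RSA.
key_type_of() (
    # Options may precede the key type, so take the first field that is a known
    # type. Simplification: option values with quoted spaces are not parsed.
    set -f                                  # no glob expansion while splitting
    for field in $1; do
        case "$field" in
            ssh-rsa|ssh-ed25519|sk-ssh-ed25519@openssh.com) ;;
            ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
            sk-ecdsa-sha2-nistp256@openssh.com) ;;
            *) continue ;;
        esac
        printf '%s\n' "$field"; exit 0
    done
    exit 1
)

count_key_types() {
    # Prints "modern=<n> rsa=<n>" for the authorized_keys file named in $1.
    [ -r "$1" ] || return 2
    modern=0 rsa=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        t=$(key_type_of "$line") || continue        # unknown type: ignore line
        if [ "$t" = ssh-rsa ]; then rsa=$((rsa + 1)); else modern=$((modern + 1)); fi
    done < "$1"
    echo "modern=$modern rsa=$rsa"
}

check_root_keys() {
    # Returns 0 if at least one key of any known type exists; warns on RSA-only.
    counts=$(count_key_types "$1") || return 2
    case "$counts" in
        "modern=0 rsa=0") echo "ERROR: no usable SSH keys in $1"; return 1 ;;
        "modern=0 "*) echo "WARN: RSA keys only; OpenSSH 8.8+ needs rsa-sha2-256/512 signatures" ;;
    esac
    return 0
}

# Constructed sample file; the key blobs are placeholders, not real keys.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# root keys
ssh-rsa AAAAB3CONSTRUCTEDRSA old-laptop
from="192.0.2.10",no-pty ssh-ed25519 AAAAC3CONSTRUCTEDED new-laptop
ecdsa-sha2-nistp256 AAAAE2CONSTRUCTEDEC backup-host
EOF
count_key_types "$sample"; check_root_keys "$sample"; rm -f "$sample"
```

Running the same count against root's authorized_keys before an OpenSSH upgrade shows whether a non-RSA key is already installed.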

@alpha-omega-labs

Confirming issue, after "system upgrade" unable to access root user with old key.

Owner

omega8cc commented May 8, 2023

Good point and also the reason we are back to changelog updates so people are aware of potentially problematic upgrades.

@graveguardian

Have had this happen to me three times now...;-(

Any pointers on how I can regain access to my system?

Fresh install/upgrades on fresh Debian 11 vanilla.
