🐛 BUG: ssh-rsa keys not accepted with lighthouse sshd config option #774

Closed
noyez opened this issue Nov 14, 2022 · 3 comments

noyez commented Nov 14, 2022

What version of nebula are you using?

1.6.1

What operating system are you using?

Linux

Describe the Bug

I'm not sure where else to put this, but in case someone else runs into this same issue, I thought it would be helpful to create this report. Also, I can't say I'm well versed in ssh key types/algorithms or nebula, so perhaps something else is awry here.

While trying to enable the sshd option to use the list-hostmap command, I used the existing bug report #640 to guide me; however, it didn't work b/c it seems that ssh-rsa -- the default key type when creating ssh-keys -- is not an accepted algorithm for the lighthouse ssh-keys feature (this took me a while to figure out).

The symptom is that once the sshd feature was configured and I tried to ssh into the instance, the following error would be reported on the nebula lighthouse instance:
error="[ssh: no auth passed yet]" remoteAddress="127.0.0.1:47282" subsystem=sshd

While the ssh client was generating the following logs:

 » ssh -i ssh_user.key -p 2222 localhost -l root -v list-hostmap
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
...
debug1: Will attempt key: ssh_user.key RSA SHA256:ds2gAHOMY9+hlqaFV6fAtWx4iLT33HC3KYBYvB0LyKk explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: ssh_user.key RSA SHA256:ds2gAHOMY9+hlqaFV6fAtWx4iLT33HC3KYBYvB0LyKk explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: No more authentication methods to try.
root@localhost: Permission denied (publickey).

Note: debug1: No more authentication methods to try.

Then I decided to recreate the auth keys using the ed25519 algorithm rather than the default rsa algo:

ssh-keygen -f ssh_user.key -t ed25519

Then: ssh -i ssh_user.key -p 2222 localhost -l root

and all was good.

Logs from affected hosts

No response

Config files from affected hosts

No response

Member

wadey commented Nov 14, 2022

It looks like this was just fixed upstream in x/crypto v0.3.0

golang/go#49952 (comment)

Author

noyez commented Nov 15, 2022

I'll close since it's not a direct bug in nebula, and if anyone else hits this bug hopefully this issue will pop up in their search.

noyez closed this as completed Nov 15, 2022

Member

wadey commented Nov 22, 2022

#780 will fix this
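
A triage helper for the client output quoted in the report, added here as an example (it is not from the thread or from the nebula project): it pairs each key the OpenSSH client offers with the outcome line that follows, so a `no mutual signature algorithm` failure is attributed to the right key file and key type. The `Offer` type, the function names and the last two sample lines are constructed, and key paths are assumed to contain no spaces.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Offer is one key the client offered and the outcome its debug log shows.
type Offer struct {
	File, Type, Fingerprint  string
	NoMutualSigAlg, Accepted bool
}

var offerRe = regexp.MustCompile(`^debug1: Offering public key: (\S+) (\S+) (SHA256:\S+)`)
var acceptRe = regexp.MustCompile(`^debug1: Server accepts key: \S+ \S+ (SHA256:\S+)`)

// ParseOffers pairs each "Offering public key" line with the outcome after it.
func ParseOffers(log string) []Offer {
	var offers []Offer
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if m := offerRe.FindStringSubmatch(line); m != nil {
			offers = append(offers, Offer{File: m[1], Type: m[2], Fingerprint: m[3]})
		} else if n := len(offers); n == 0 {
			continue // outcome lines only mean something after an offer
		} else if strings.Contains(line, "no mutual signature algorithm") {
			offers[n-1].NoMutualSigAlg = true // client and server share no signature algorithm for this key
		} else if a := acceptRe.FindStringSubmatch(line); a != nil && a[1] == offers[n-1].Fingerprint {
			offers[n-1].Accepted = true
		}
	}
	return offers
}

// Constructed sample: the first two lines are from the report, the last two are made up.
const sampleLog = `debug1: Offering public key: ssh_user.key RSA SHA256:ds2gAHOMY9+hlqaFV6fAtWx4iLT33HC3KYBYvB0LyKk explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Offering public key: ssh_user.key ED25519 SHA256:CONSTRUCTED-PLACEHOLDER explicit
debug1: Server accepts key: ssh_user.key ED25519 SHA256:CONSTRUCTED-PLACEHOLDER explicit`

func main() {
	for _, o := range ParseOffers(sampleLog) {
		fmt.Printf("%s %s no-mutual-sig-alg=%v accepted=%v\n", o.File, o.Type, o.NoMutualSigAlg, o.Accepted)
	}
}
```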
