openssh deprecates ssh-rsa key type: maybe update vagrant insecure key #11783
Comments
|
Hey there @dustymabe - thanks for the heads up, that makes sense. |
Thanks!
It's not a warning that can be ignored. It's an error. The I do the box builds for Fedora and publish them to https://app.vagrantup.com/fedora. Other distros are going to hit this soon, Fedora just happens to be one of the earliest to pick things up. |
|
Ohhh, I see! Well that makes sense. Thanks for letting us know then @dustymabe |
|
This may not be for everyone, but my team has found that incorporating |
|
Fedora 33 is now in Beta. (Edit: Upstream OpenSSH is still planning on deprecating the RSA-SHA1 key type). |
Upstream SSH has been claiming for a few releases now that:
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
See hashicorp/vagrant#11783 (comment)
Upstream SSH has been claiming for a few releases now that:
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
See hashicorp/vagrant#11783 (comment)
Upstream SSH has been claiming for a few releases now that:
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
See hashicorp/vagrant#11783 (comment)
Upstream SSH has been claiming for a few releases now that:
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
See hashicorp/vagrant#11783 (comment)
Upstream SSH has been claiming for a few releases now that:
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
See hashicorp/vagrant#11783 (comment)
Upstream SSH has been claiming for a few releases now that:
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
See hashicorp/vagrant#11783 (comment)
Upstream SSH has been claiming for a few releases now that:
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
See hashicorp/vagrant#11783 (comment)
Upstream SSH has been claiming for a few releases now that:
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
See hashicorp/vagrant#11783 (comment)
Upstream SSH has been claiming for a few releases now that:
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
See hashicorp/vagrant#11783 (comment)
@jshimkus-rh I am now implementing |
|
> On Nov 1, 2020, at 23:08, Wong Hoi Sing Edison ***@***.***> wrote:
>
>
> This may not be for everyone, but my team has found that incorporating update-crypto-policies --set LEGACY
> in Fedora 33 vagrant box generation does successfully set the policies such that vagrant can communicate with the box during vagrant up.
>
> @jshimkus-rh I am now implementing update-crypto-policies --set LEGACY for lavabit/robox#173, but always get reinitialized to DEFAULT during first vagrant up. May you share some hints about your successful story?
>
I took at look at your change and one difference that jumps out is that we added a crypto-policies.sh (see attached) and placed it immediately after swap.sh in the fedora33 .json file:
"provisioners": [
{
...
"scripts": [
"{{user `bento_file_dir`}}scripts/swap.sh",
"{{user `bento_file_dir`}}scripts/crypto-policies.sh",
"{{user `bento_file_dir`}}scripts/fix-slow-dns.sh",
"{{user `bento_file_dir`}}scripts/build-tools-30.sh",
"{{user `bento_file_dir`}}scripts/install-supporting-packages.sh",
"{{user `bento_file_dir`}}../_common/motd.sh",
"{{user `bento_file_dir`}}../_common/sshd.sh",
"{{user `bento_file_dir`}}../_common/virtualbox.sh",
"{{user `bento_file_dir`}}../_common/vmware.sh",
"{{user `bento_file_dir`}}../_common/parallels.sh",
"{{user `bento_file_dir`}}../_common/vagrant.sh",
"{{user `bento_file_dir`}}scripts/cleanup.sh",
"{{user `bento_file_dir`}}../_common/minimize.sh"
],
...
}
],
Other than that it doesn't seem fundamentally different.
|
|
For those trying to figure out how to work around this, check out what I did in the official fedora vagrant box for now: https://pagure.io/fedora-kickstarts/pull-request/669#request_diff |
Upstream SSH has been claiming for a few releases now that:
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
See hashicorp/vagrant#11783 (comment)
dunno whether it should have done - probably not - but this workaround didn't make it into the fedora 33 cloudbase amis (eg ami-0edca001b0a05f840) |
|
The Fedora cloud images uploaded to AWS aren't specific to vagrant so they weren't updated to workaround this problem. |
|
Hi everyone, I was confused on why this was still an issue with the net-ssh backports in place to support the rsa-sha2-256 (and 512 variant) signatures. There is no issue with RSA keys so long as they are SSH2 keys, not SSH1. From the OpenSSH release notes (https://www.openssh.com/txt/release-8.5):
In fact, we can see this is actually the case by removing When a provision script is attempted to be run by Vagrant, we see that there's an error connecting. However, if we run: We can connect as expected. This means that as far as OpenSSH is concerned, the RSA keys we are attempting to use are in fact valid. The After digging through a bunch of code in the net-ssh library, the OpenSSH source, and some of the OpenSSL source I happened upon this commit: openssh/openssh-portable@d1e578a wherein the client has been updated to send the signature algorithm in the Cheers! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Vagrant version
vagrant-2.2.9
Host operating system
Fedora 31
Guest operating system
Fedora Rawhide (will become Fedora 33) with
openssh-8.3p1-3.fc33.x86_64andcrypto-policies-20200702-1.gitc40cede.fc33.noarch.Vagrantfile
Any vagrantfile
Expected behavior
vagrant upworks.vagrant sshworks.Actual behavior
Gets stuck at
Waiting for SSH to become available.... Inside the box in the logs we see:Description
Upstream SSH has been claiming for a few releases now that:
Distributions are picking up on this and deprecating
ssh-rsa. Fedora did this recently and it will land in the next major Fedora release. We should consider updating the pubkey to something that uses a newer algorithm.The text was updated successfully, but these errors were encountered: