Re-allow RSA host keys with SSH #24

Merged
merged 1 commit into from
Mar 24, 2022


jasongill
Contributor

RSA host keys are disabled by default on OpenSSH 8.8+ which is used by the base Alpine image, but many servers still use RSA host keys. See https://www.openssh.com/txt/release-8.8 under "Potentially-incompatible changes".

Obviously the ideal solution would be to upgrade OpenSSH on the destination servers, but that's not always feasible, so to allow this GitHub Action to work with older SSH servers, this pull request adds the required ssh command line options to re-enable support for SSH host keys.

If you are using an up-to-date SSH server version, the option is ignored so this doesn't weaken security for anyone who is using a more secure server version.

Due to the way the entrypoint.sh script is written, I don't know that there's any better way to set these SSH command line options - you cannot override the "-e" option on the rsync command line using the "switches" variable as it gets overwritten after the switches are specified.

RSA host keys are disabled by default on OpenSSH 8.8+ which is used by the base Alpine image, but many servers still use RSA host keys
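An added example, not part of this pull request or the action's entrypoint.sh: one way to build the string passed to `rsync -e` so that the legacy algorithm is only offered on explicit opt-in. The function names and the opt-in argument are hypothetical, and `HostKeyAlgorithms=+ssh-rsa` is the option the OpenSSH 8.8 release notes give for re-enabling the algorithm, assumed here rather than taken from the PR's diff.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical.

# Return 0 if the banner (as printed by `ssh -V 2>&1`) is OpenSSH 8.8 or newer,
# i.e. a client that no longer offers ssh-rsa (RSA signatures with SHA-1) by
# default. Return 1 for older OpenSSH, 2 if the banner cannot be parsed.
client_disables_ssh_rsa() {
    _v=${1#OpenSSH_}
    [ "$_v" != "$1" ] || return 2          # not an OpenSSH banner
    _v=${_v%%[!0-9.]*}                     # "8.8p1, OpenSSL ..." -> "8.8"
    _major=${_v%%.*}
    case $_v in
        *.*) _minor=${_v#*.}; _minor=${_minor%%.*} ;;
        *)   _minor=0 ;;
    esac
    case "$_major$_minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$_major" -gt 8 ] || { [ "$_major" -eq 8 ] && [ "$_minor" -ge 8 ]; }
}

# Print the remote-shell string for `rsync -e`.
#   $1 = SSH port (digits only), $2 = "true" to opt in to legacy RSA host keys.
build_rsync_rsh() {
    _port=$1
    _legacy=${2:-false}
    # The port ends up inside a command string, so accept digits only.
    case $_port in ''|*[!0-9]*) return 1 ;; esac
    _rsh="ssh -p $_port"
    if [ "$_legacy" = "true" ]; then
        # The leading "+" appends ssh-rsa to the client's default list instead
        # of replacing it, so the default algorithms stay ahead of it in the
        # client's preference order.
        _rsh="$_rsh -o HostKeyAlgorithms=+ssh-rsa"
    fi
    printf '%s\n' "$_rsh"
}

# Constructed usage: rsync -e "$(build_rsync_rsh 22 true)" src/ user@host:dst/
```
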
@Burnett01
Owner

Hello @jasongill, thank you for your contribution. I'm planning on implementing a CI pipeline that can test the current implementation against multiple SSH servers. Your change will also then be tested against it and merged afterwards.

The pipeline will be ready in a week.

Thanks once again and expect my reply.

Greetings :)

@Burnett01 Burnett01 self-assigned this Mar 9, 2022
@Burnett01 Burnett01 self-requested a review March 9, 2022 23:06
@Burnett01 Burnett01 added the enhancement New feature or request label Mar 9, 2022
@Burnett01 Burnett01 changed the base branch from master to release/5.3 March 24, 2022 18:04
@Burnett01
Owner

Hey Jason, I switched the base target to release/5.3 and will conduct the testing and release prep on that branch. It could take some time until I report back.

@Burnett01
Owner

Thanks for your contribution once again.
This PR will be merged into release/5.3 and that branch will then be tested.

@Burnett01 Burnett01 merged commit a078b62 into Burnett01:release/5.3 Mar 24, 2022
@Burnett01 Burnett01 removed their request for review March 24, 2022 18:07
@jasongill jasongill deleted the patch-1 branch May 12, 2022 12:44
@jasongill
Contributor Author

great, thanks @Burnett01! looking forward to the new version. thank you for your hard work on this great GitHub Action!

Burnett01 added a commit that referenced this pull request Mar 6, 2024
Ability to configure legacy rsa hostkeys support for
OpenSSH servers < 8.8.
Related to #24 and 9603fc8
@Burnett01 Burnett01 mentioned this pull request Mar 6, 2024