Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SSH communicator connections for rsa keys #12298

Merged
merged 2 commits into from Apr 13, 2021
Merged

Fix SSH communicator connections for rsa keys #12298

merged 2 commits into from Apr 13, 2021

Conversation

chrisroberts
Copy link
Member

This fixes an issue introduced from updates to OpenSSH which modifies
the expectations on a user authentication request wanting the signature
algorithm being used and no longer the name of the key type.

Fixes #11783

@chrisroberts
Add #signature_algorithm and update #ssh_do_sign and #to_blob
246058f 
    Modifies `OpenSSL::PKey::RSA` to provide a `#signature_algorithm`
    method which provides the signature algorithm value expected by
    OpenSSH. The `#ssh_do_sign` method is updated to use the set
    algorithm (SHA256) and `#to_blob` is updated to include the
    signature algorithm instead of the key type.
@chrisroberts
Tighten constraints on net-ssh to ensure functionality. Update patch
a08597d 
    Keep the constraint on net-ssh tight so we can be confident that the
    patching will be successful and that a net-ssh release won't inadvertently
    cause our local updates to become non-functional.

    Fix patch to only update the behavior for RSA based keys when the server
    is recent enough to include the signature changes
@chrisroberts chrisroberts mentioned this pull request Apr 13, 2021
Closed
soapy1
soapy1 approved these changes Apr 13, 2021
View reviewed changes
Copy link
Contributor

@soapy1 soapy1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔑

@chrisroberts chrisroberts merged commit be154df into hashicorp:main Apr 13, 2021
@chrisroberts chrisroberts deleted the fix-rsa-ssh branch April 13, 2021 22:55
@ghost
Copy link

ghost commented May 14, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@hashicorp hashicorp locked as resolved and limited conversation to collaborators May 14, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@soapy1 soapy1 soapy1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

openssh deprecates ssh-rsa key type: maybe update vagrant insecure key
2 participants
@chrisroberts @soapy1