Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RSAAuthentication deprecated #717

Closed
loodvn opened this issue Jun 15, 2022 · 4 comments
Closed

RSAAuthentication deprecated #717

loodvn opened this issue Jun 15, 2022 · 4 comments

Comments

@loodvn
Copy link
Contributor

loodvn commented Jun 15, 2022
edited
Loading

Hi there,

I'm getting the following warnings when using pxssh.login:

command-line line 0: Unsupported option "rsaauthentication"

My understanding is openSSH (https://www.openssh.com/releasenotes.html) and ssh_config (https://man.openbsd.org/ssh_config) dropped support for RSA authentication for quite some time.

It seems to come from whenever SSH_OPTS is used (

pexpect/pexpect/pxssh.py

Line 146 in acb017a

self.SSH_OPTS = ("-o'RSAAuthentication=no'"
), e.g. when self.force_password is True:

pexpect/pexpect/pxssh.py

Line 321 in 2be6c4d

if self.force_password:

Is that option still necessary or is PubkeyAuthentication=no sufficient?

Explanation of the deprecation that provided context for me: https://levelup.gitconnected.com/demystifying-ssh-rsa-in-openssh-deprecation-notice-22feb1b52acd (from https://askubuntu.com/a/1407251)
@Red-M
Copy link
Member

Red-M commented Feb 14, 2023

Thanks but its recommended to move away from pxssh as per the notice in the documentation here.

I can't find the reference in the openssh's release notes that say they dropped RSAAuthentication support. I assume this might be a per distro option?

I'm happy to review a PR to remove the option but you are able to subclass pxssh.pxssh() to change it as a "monkey patch"

@Red-M Red-M closed this as completed Feb 14, 2023
@loodvn
Copy link
Contributor Author

loodvn commented Feb 14, 2023

Yeah I've struggled to get the precise note of the dropped support... Also I know veeeery little about OpenSSH/SSH haha, just trying to help out if there's a way to reduce users' confusion from this warning.

It seems from https://unix.stackexchange.com/questions/337774/deprecated-options-when-restarting-openssh-in-stretch and https://community.centminmod.com/threads/centos-7-4-sshd-deprecated-rsaauthentication.13137/ that after OpenSSH version 7.3+ they dropped support for SSH v1, which included the RSAAuthentication option.

And the last time I saw it in the ssh_config docs was here with OpenBSD-6.0:
RSAAuthentication
Specifies whether pure RSA authentication is allowed. The default is “yes”. This option applies to protocol version 1 only.

So I guess since SSH v1 is so old there's no harm in removing the option right? If so I'll put in a PR 👍

@Red-M
Copy link
Member

Red-M commented Feb 14, 2023
edited
Loading

I'm cautious of legacy breakage here is all, I think it has been an acceptable amount of time to remove that option since the last time it was in the docs was 2016.

@Red-M Red-M reopened this Feb 14, 2023
@loodvn
Copy link
Contributor Author

loodvn commented Feb 14, 2023
edited
Loading

Thanks, and I think especially because SSHv1 hasn't been actively maintained since like early 2000s, but again, I'm a newbie to all this.
Putting in the PR now: #744

@Red-M Red-M closed this as completed in 5408084 Feb 14, 2023
Red-M added a commit that referenced this issue Feb 14, 2023
@Red-M
Merge pull request #744 from loodvn/patch-1
4c768bd 
Remove deprecated RSAAuthentication option (SSHv1), fixes #717
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Red-M @loodvn