[DRE-maint] Bug#1009155: ruby-net-ssh: Fails to connect to OpenSSH 8.8 and later
Lucas Nussbaum
lucas at debian.org
Thu Apr 7 21:36:58 BST 2022
Package: ruby-net-ssh
Version: 1:6.1.0-2
Severity: normal
Hi,
net-ssh fails to connect to OpenSSH 8.8 and later. This means that we
cannot connect to Debian 'testing' machines.
The problem is twofold:
1/
ssh-rsa was removed as a host key algorithm, so net-ssh fails to
negotiate such an algorithm with the following error message:
/usr/share/rubygems-integration/all/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:407:in `negotiate': could not settle on host_key algorithm (Net::SSH::Exception)
Server host_key preferences: rsa-sha2-512,rsa-sha2-256
Client host_key preferences: ssh-ed25519-cert-v01 at openssh.com,ssh-ed25519,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsa-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-rsa
This was tracked upstream in https://github.com/net-ssh/net-ssh/issues/712, and fixed in 6.2.0~beta1.
I just updated the package in unstable to 6.3.0~beta1, so this part is
fixed.
2/
ssh-rsa was also removed as a public key auth algorithm.
when connecting, this results in this error server-side (in auth.log):
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
This can be worked around server-side by adding
PubkeyAcceptedKeyTypes=+ssh-rsa
in sshd_config
This is tracked upstream as https://github.com/net-ssh/net-ssh/issues/836
fixed by this MR: https://github.com/net-ssh/net-ssh/pull/838
I looked into backporting this to the Debian package, but this is
painful because there has been a coding style change in the meantime...
Lucas
More information about the Pkg-ruby-extras-maintainers
mailing list