ā03-11-2024 10:39 AM - edited ā03-11-2024 10:41 AM
Anyone here that can confirm that the new firmware has some problems with passwordless ssh login via ssh-rsa keys?
After updating multiple x440G2 from 32.5.1.5 patch1-1 to 32.6.3.127 I'm no longer able to login with my rsa 3072 bit ssh key that worked prior to the update. I did a "conf ssh2 key alg rsa-sha2-256" and restarted the exsshd process after rebooting the switch to the new firmware but still couldn't login with the key after that. Logging in with password still works.
As client I'm using debian testing with ssh client version 9.6p1-4. The log shows:
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 3 keys
debug1: Skipping ssh-rsa key /home/**********/.ssh/id_rsa - corresponding algorithm not supported by server
debug1: Skipping ssh-rsa key **********@********** - corresponding algorithm not supported by server
My key has the following format:
3072 SHA256:***************************************/******************* my_ssh_key (RSA)
I also tried an rsa key with 4096 bit and an ed25519 key to no avail.
Solved! Go to Solution.
ā03-12-2024 06:23 AM
are issues with SSH in 32.6 specifically. You can try to recreate the keys in the switch, but I doubt it will help. TAC is the way to go.
ā03-12-2024 06:23 AM
are issues with SSH in 32.6 specifically. You can try to recreate the keys in the switch, but I doubt it will help. TAC is the way to go.
ā03-12-2024 06:35 AM
Shouldn't extreme fix problems like this without a customer creating a ticket. A firmware with a bug like that shouldn't even be released in the first place if you ask me.
I'll just downgrade and wait.
ā03-17-2024 02:19 PM
Extreme should do some code checking and testing of functions before releasing any version, quite correct. I'm sure they do, just not enough...
ā03-12-2024 07:06 AM
Who says that they won't fix it anyways?
IMO this bug isn't even that crucial.