cancel
Showing results for 
Search instead for 
Did you mean: 

Summit x440G2 32.6.3.127: SSH-Keys stopped working after update

Summit x440G2 32.6.3.127: SSH-Keys stopped working after update

schuert
New Contributor III

Anyone here that can confirm that the new firmware has some problems with passwordless ssh login via ssh-rsa keys?

After updating multiple x440G2 from 32.5.1.5 patch1-1 to 32.6.3.127 I'm no longer able to login with my rsa 3072 bit ssh key that worked prior to the update. I did a "conf ssh2 key alg rsa-sha2-256" and restarted the exsshd process after rebooting the switch to the new firmware but still couldn't login with the key after that. Logging in with password still works.

As client I'm using debian testing with ssh client version 9.6p1-4. The log shows:

 

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 3 keys
debug1: Skipping ssh-rsa key /home/**********/.ssh/id_rsa - corresponding algorithm not supported by server
debug1: Skipping ssh-rsa key **********@********** - corresponding algorithm not supported by server

 

My key has the following format:
3072 SHA256:***************************************/******************* my_ssh_key (RSA)

I also tried an rsa key with 4096 bit and an ed25519 key to no avail.

1 ACCEPTED SOLUTION

FredrikB-NN2
Contributor

 are issues with SSH in 32.6 specifically. You can try to recreate the keys in the switch, but I doubt it will help. TAC is the way to go.

View solution in original post

8 REPLIES 8

FredrikB-NN2
Contributor

 are issues with SSH in 32.6 specifically. You can try to recreate the keys in the switch, but I doubt it will help. TAC is the way to go.

schuert
New Contributor III

Shouldn't extreme fix problems like this without a customer creating a ticket. A firmware with a bug like that shouldn't even be released in the first place if you ask me.

I'll just downgrade and wait.

Extreme should do some code checking and testing of functions  before releasing any version, quite correct. I'm sure they do, just not enough...

Stefan_K_
Valued Contributor

Who says that they won't fix it anyways?

IMO this bug isn't even that crucial.

GTM-P2G8KFN