cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Summit x440G2 32.6.3.127: SSH-Keys stopped working after update

Summit x440G2 32.6.3.127: SSH-Keys stopped working after update

schuert
New Contributor III

Anyone here that can confirm that the new firmware has some problems with passwordless ssh login via ssh-rsa keys?

After updating multiple x440G2 from 32.5.1.5 patch1-1 to 32.6.3.127 I'm no longer able to login with my rsa 3072 bit ssh key that worked prior to the update. I did a "conf ssh2 key alg rsa-sha2-256" and restarted the exsshd process after rebooting the switch to the new firmware but still couldn't login with the key after that. Logging in with password still works.

As client I'm using debian testing with ssh client version 9.6p1-4. The log shows:

 

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 3 keys
debug1: Skipping ssh-rsa key /home/**********/.ssh/id_rsa - corresponding algorithm not supported by server
debug1: Skipping ssh-rsa key **********@********** - corresponding algorithm not supported by server

 

My key has the following format:
3072 SHA256:***************************************/******************* my_ssh_key (RSA)

I also tried an rsa key with 4096 bit and an ed25519 key to no avail.

1 ACCEPTED SOLUTION

FredrikB-NN2
Contributor

 are issues with SSH in 32.6 specifically. You can try to recreate the keys in the switch, but I doubt it will help. TAC is the way to go.

View solution in original post

8 REPLIES 8

A case is almost always required if the version is actually released. It has then passed QA testing and is considered OK with some remarks in the release notes and some secret CFDs they won't reveal. Anything else neds to be detected and reported by a customer. I guess if they do find anything internally they will fix it, but they won't, to my knowledge, actively look for it.

B.t.w., if this is related to CFD 10466, it has been known since December 20th.
EXOS 32.6.1, EXOS Master, SSH with public keys not working

I'm curious... Where did you find details to CDF 10466?

btw, we have a GTAC article now: https://extreme-networks.my.site.com/ExtrArticleDetail?an=000117492

It will be fixed in 32.7.

Stefan_K_
Valued Contributor

Similar thread: SSH Key based authentication on 5520 32.6.1.5 (Lat... - Extreme Networks - 99537

Best and fastest way would be to get in touch with GTAC. 

And that's why I stay with 31.7 for now šŸ™‚ 

GTM-P2G8KFN