ā03-11-2024 10:39 AM - edited ā03-11-2024 10:41 AM
Anyone here that can confirm that the new firmware has some problems with passwordless ssh login via ssh-rsa keys?
After updating multiple x440G2 from 32.5.1.5 patch1-1 to 32.6.3.127 I'm no longer able to login with my rsa 3072 bit ssh key that worked prior to the update. I did a "conf ssh2 key alg rsa-sha2-256" and restarted the exsshd process after rebooting the switch to the new firmware but still couldn't login with the key after that. Logging in with password still works.
As client I'm using debian testing with ssh client version 9.6p1-4. The log shows:
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 3 keys
debug1: Skipping ssh-rsa key /home/**********/.ssh/id_rsa - corresponding algorithm not supported by server
debug1: Skipping ssh-rsa key **********@********** - corresponding algorithm not supported by server
My key has the following format:
3072 SHA256:***************************************/******************* my_ssh_key (RSA)
I also tried an rsa key with 4096 bit and an ed25519 key to no avail.
Solved! Go to Solution.
ā03-12-2024 06:23 AM
are issues with SSH in 32.6 specifically. You can try to recreate the keys in the switch, but I doubt it will help. TAC is the way to go.
ā03-17-2024 02:25 PM
A case is almost always required if the version is actually released. It has then passed QA testing and is considered OK with some remarks in the release notes and some secret CFDs they won't reveal. Anything else neds to be detected and reported by a customer. I guess if they do find anything internally they will fix it, but they won't, to my knowledge, actively look for it.
ā03-17-2024 02:30 PM
B.t.w., if this is related to CFD 10466, it has been known since December 20th.
EXOS 32.6.1, EXOS Master, SSH with public keys not working
ā03-19-2024 07:23 AM
I'm curious... Where did you find details to CDF 10466?
btw, we have a GTAC article now: https://extreme-networks.my.site.com/ExtrArticleDetail?an=000117492
It will be fixed in 32.7.
ā03-11-2024 10:51 AM - edited ā03-11-2024 10:54 AM
Similar thread: SSH Key based authentication on 5520 32.6.1.5 (Lat... - Extreme Networks - 99537
Best and fastest way would be to get in touch with GTAC.
And that's why I stay with 31.7 for now š