Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#3452 - can't conntect to dropbear using OpenSSH 8.4 #8323

Open
openwrt-bot opened this issue Nov 14, 2020 · 2 comments
Open

FS#3452 - can't conntect to dropbear using OpenSSH 8.4 #8323

openwrt-bot opened this issue Nov 14, 2020 · 2 comments
Labels
flyspray release/19.07 pull request/issue targeted (also) for OpenWrt 19.07 release

Comments

@openwrt-bot
Copy link

Lothia:

Can't connect to dropbear after upgrading to Fedora 33

Using: OpenSSH_8.4p1, OpenSSL 1.1.1h FIPS 22 Sep 2020

Adding "PubkeyAcceptedKeyTypes=+ssh-dss" to $.ssh/config Hosts section solves the issue.

May be related to this: https://superuser.com/questions/1016989/ssh-dsa-keys-no-longer-work-for-password-less-authentication

@openwrt-bot
Copy link
Author

rathann:

This is due to revised security policies in Fedora 33+. See [[https://bugzilla.redhat.com/show_bug.cgi?id=1884920|Fedora bug 1884920]] and [[https://www.reddit.com/r/Fedora/comments/jhxbdh/no_ssh_public_key_auth_after_upgrade_to_fedora_33/|this Reddit thread]] . The solution would be to enable ED25519 or at least ECDSA key support in dropbear. And the actual work-around (Fedora-side) is to add this snippet to ~/.ssh/config:

Host openwrt-device.localdomain
PubkeyAcceptedKeyTypes +ssh-rsa

@openwrt-bot
Copy link
Author

jcharaoui:

Support for ed25519 has been merged in Dropbear for some time now:
https://github.com/mkj/dropbear/blob/master/CHANGES#L37-L38

The solution is to update the Dropbear package shipped by OpenWrt. The version currently available is nearly two years old...

@aparcar aparcar added the release/19.07 pull request/issue targeted (also) for OpenWrt 19.07 release label Feb 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
flyspray release/19.07 pull request/issue targeted (also) for OpenWrt 19.07 release
Projects
None yet
Development

No branches or pull requests

2 participants