Hi,
Back at the start of June the version of OpenSSH that we run on the
Xen Shell hosts was updated in order to provide support for
ecdsa-sk and ed25519-sk keys. These are used with "security key"
devices which support FIDO/U2F and was done after customer request.
At the same time this version of SSH disables the ssh-rsa signature
scheme. Older ssh clients may fail to negotiate an SSH connection to
the Xen Shell hosts (i.e. when you do "ssh
username(a)username.console.bitfolk.com") due to this.
If you see an error that reads something like this:
Couldn't agree a key exchange algorithm (available
curve25519-sha256,curve25519-sha256(a)libssh.org,ecdh-sha2-nistp256,
ecdh-sha2-nistp384,ecdh-sha2-nistp512,diffie-hellman-group16-sha512,
diffiehellman-group18-sha512,diffie-hellman-group14-sha256)
then this is the problem. You do not need to change your
authentication keys (if any) because that is not the problem. You
need to upgrade your SSH client.
The above message was from PuTTY 0.64; version 0.78 and above are
known to work.
ssh-rsa was deprecated since version 8.2 of the server in February
2020:
https://www.openssh.com/txt/release-8.2
Future deprecation notice
=========================
It is now possible[1] to perform chosen-prefix attacks against
the SHA-1 hash algorithm for less than USD$50K. For this reason,
we will be disabling the "ssh-rsa" public key signature
algorithm that depends on SHA-1 by default in a near-future
release.
[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1
and Application to the PGP Web of Trust" Leurent, G and
Peyrin, T (2020) https://eprint.iacr.org/2020/014.pdf
It was then disabled from version 8.8 in September 2021:
https://www.openssh.com/txt/release-8.8
Potentially-incompatible changes
================================
This release disables RSA signatures using the SHA-1 hash
algorithm by default. This change has been made as the SHA-1
hash algorithm is cryptographically broken, and it is possible
to create chosen-prefix hash collisions for <USD$50K.
For most users, this change should be invisible and there is no
need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing
ssh-rsa keys will automatically use the stronger algorithm where
possible.
If you are unsure whether this affects you, just verify that you can
connect to your Xen Shell host. If you can't, and you can't find a
way to upgrade your client (or doing so is ineffective), please let
us know at support(a)bitfolk.com.
Again, this not about rsa authentication keys. You do not need to
abandon ssh-rsa public keys:
https://ikarus.sg/rsa-is-not-dead/
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting