Launchpad doesn't support secure SSH parameters
Bug #1933722 reported by Sam Bull
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Launchpad itself | Fix Released | High | Colin Watson |
lazr.sshserver | Fix Released | High | Colin Watson |
turnip | Fix Released | High | Colin Watson |
txpkgupload | Fix Released | High | Colin Watson |
Bug Description
With a secure config created for SSH, I am unable to connect without adding a weakened config for Launchpad.
For example:
Unable to negotiate with 91.189.95.84 port 22: no matching host key type found. Their offer: ssh-rsa
ssh-rsa is considered insecure, enough that I believe it has been disabled by default in OpenSSH now. Maybe it should be disabled for LP, but it certainly shouldn't be the ONLY option for connecting. This is currently required for both HostKeyAlgorithms and PubkeyAcceptedK
Additionally, I need to add hmac-sha2-512 to MACs, because LP doesn't support any etm versions, for example: <email address hidden> or <email address hidden>
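The negotiation failure in the report above, reproduced as an added example (not code from Launchpad, Twisted or the reporter): it decodes an SSH_MSG_KEXINIT payload and, for the host key and MAC lists, picks the first client preference the server also offers. The server offer and the hardened client lists are constructed for illustration, and the `FIELDS` labels and helper names are this example's own.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
SSH_MSG_KEXINIT = 20

def build_kexinit(offer):
    """Encode {field: [names]} as a KEXINIT payload (builds the sample below)."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message type, zeroed cookie
    for field in FIELDS:
        names = ",".join(offer.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [names]}, rejecting short input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, offer = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + length].decode("ascii")
        offer[field] = raw.split(",") if raw else []
        pos += length
    return offer

def negotiate(client, server):
    """Per field, pick the first client preference the server also offers.
    Returns (chosen, failures); failures maps a field to the server's offer."""
    chosen, failures = {}, {}
    for field, prefs in client.items():
        match = next((n for n in prefs if n in server[field]), None)
        if match is None:
            failures[field] = server[field]
        else:
            chosen[field] = match
    return chosen, failures

# Constructed server offer: ssh-rsa host keys only, no -etm MACs.
SERVER = parse_kexinit(build_kexinit({"host_key": ["ssh-rsa"],
    "mac_c2s": ["hmac-sha2-512", "hmac-sha2-256", "hmac-sha1"]}))
# Constructed hardened client policy (an assumption, not the reporter's config).
HARDENED = {"host_key": ["ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256"],
    "mac_c2s": ["hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com"]}
```

`negotiate(HARDENED, SERVER)` finds no match for either field, while appending `ssh-rsa` and `hmac-sha2-512` to the client lists lets both succeed, which is the weakened configuration the report describes.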
Related branches
~andrey-fedoseev/turnip/+git/dependencies:update-twisted
Superseded for merging into turnip:master
- Launchpad code reviewers: Pending requested
- Diff: 780 lines (+0/-0), 0 files modified

~cjwatson/txpkgupload:Twisted-20.3.0+lp6
Merged into txpkgupload:master
- Jürgen Gmach: Approve
- Diff: 13 lines (+1/-1), 1 file modified
  requirements.txt (+1/-1)

~cjwatson/txpkgupload/+git/dependencies:Twisted-20.3.0+lp6
- Jürgen Gmach: Approve
- Diff: 4 lines (+0/-0), 0 files modified

~cjwatson/launchpad:ssh-ed25519
Merged into launchpad:master
- Ioana Lasc (community): Approve
- Diff: 128 lines (+35/-9), 5 files modified
  lib/lp/registry/interfaces/ssh.py (+9/-2)
  lib/lp/registry/stories/person/xx-add-sshkey.txt (+14/-3)
  lib/lp/registry/templates/person-editsshkeys.pt (+3/-4)
  lib/lp/registry/tests/test_ssh.py (+7/-0)
  lib/lp/testing/factory.py (+2/-0)

~cjwatson/txpkgupload:Twisted-20.3.0+lp5
Merged into txpkgupload:master
- Ioana Lasc (community): Approve
- Diff: 53 lines (+6/-3), 2 files modified
  requirements.txt (+5/-2)
  setup.py (+1/-1)

~cjwatson/turnip:Twisted-20.3.0+lp5
Merged into turnip:master
- Ioana Lasc (community): Approve
- Diff: 50 lines (+6/-8), 2 files modified
  requirements.txt (+5/-7)
  setup.py (+1/-1)

~cjwatson/launchpad:Twisted-20.3.0+lp5
Merged into launchpad:master
- Ioana Lasc (community): Approve
- Diff: 22 lines (+2/-2), 1 file modified
  requirements/launchpad.txt (+2/-2)

~cjwatson/txpkgupload/+git/dependencies:Twisted-20.3.0+lp5
- Ioana Lasc (community): Approve
- Diff: 20 lines (+0/-0), 0 files modified

~cjwatson/turnip/+git/dependencies:Twisted-20.3.0+lp5
- Ioana Lasc (community): Approve
- Diff: 12 lines (+0/-0), 0 files modified

~cjwatson/lp-source-dependencies:Twisted-20.3.0+lp5
- Ioana Lasc (community): Approve
- Diff: 8 lines (+0/-0), 0 files modified

~cjwatson/lazr.sshserver:rsa-sha2
- Ioana Lasc (community): Approve
- Diff: 45 lines (+6/-3), 2 files modified
  NEWS.txt (+2/-0)
  src/lazr/sshserver/auth.py (+4/-3)

~cjwatson/twisted:conch-rsa-sha2-ed25519
- Ioana Lasc (community): Approve
- Diff: 3023 lines (+1672/-178), 23 files modified
  docs/conch/examples/sshsimpleserver.py (+16/-9)
  docs/installation/howto/optional.rst (+3/-0)
  src/twisted/_version.py (+11/-5)
  src/twisted/conch/newsfragments/10208.feature (+1/-0)
  src/twisted/conch/newsfragments/10266.feature (+1/-0)
  src/twisted/conch/newsfragments/8966.feature (+1/-0)
  src/twisted/conch/newsfragments/9765.feature (+1/-0)
  src/twisted/conch/scripts/ckeygen.py (+42/-4)
  src/twisted/conch/ssh/_kex.py (+2/-1)
  src/twisted/conch/ssh/_keys_pynacl.py (+196/-0)
  src/twisted/conch/ssh/factory.py (+7/-1)
  src/twisted/conch/ssh/keys.py (+218/-44)
  src/twisted/conch/ssh/transport.py (+184/-35)
  src/twisted/conch/ssh/userauth.py (+2/-2)
  src/twisted/conch/test/keydata.py (+21/-0)
  src/twisted/conch/test/test_ckeygen.py (+58/-7)
  src/twisted/conch/test/test_keys.py (+506/-32)
  src/twisted/conch/test/test_recvline.py (+1/-1)
  src/twisted/conch/test/test_ssh.py (+36/-3)
  src/twisted/conch/test/test_transport.py (+350/-28)
  src/twisted/python/_setup.py (+6/-1)
  src/twisted/python/test/test_setup.py (+4/-4)
  tox.ini (+5/-1)
This mainly needs to be fixed in Twisted upstream, but the key algorithm types will probably also then need some enablement work in lazr.sshserver. And then we'll have somewhat similar problems as in bug 907675, in that we need to finish the upgrade to Python 3 and also upgrade to Ubuntu 18.04 in order to be able to use recent upstream versions of Twisted.