This repository was archived by the owner on Oct 16, 2020. It is now read-only.
Upgrading to latest -STABLE caused key signatures to break #1186
/cc @jonboulle Is this a fleet-specific issue?
It seems like this is probably specific to how fleet deals with multiple hostkeys: the OpenSSH command line client will happily use the old key but fleet won't, it seems. Can trigger a similar symptom with the OpenSSH client by disabling its use of the old key algorithm when it asks for a host key, e.g.
tixxdz pushed a commit to endocode/fleet that referenced this issue on Apr 1, 2016:
Retrieve remote host Key Algorithms from known_host if they are there and use them to perform ssh handshake. Otherwise fallback to default values suggested by remote. This patch is based from a previous patch written by: kayrus <kay.diam@gmail.com> Resolves coreos#1526 and coreos/bugs#1186
mischief pushed a commit to mischief/fleet that referenced this issue on Apr 5, 2016.
Fixed via coreos/coreos-overlay#1865.
hectorj2f pushed a commit to giantswarm/fleet that referenced this issue on Apr 6, 2016.
Hello,
I was running a 835.13.0 STABLE CoreOS cluster, and upgraded to 899.13.0. After upgrade, none of my clients that use fleetctl (like my build system) could connect, as ssh was complaining the key signature changed and a possible MitM attack was occurring.
From the release notes, it looks like the cause may have been this change in 899.10.0:
Here's one example entry in my .fleetctl/known_hosts from before the upgrade:
and after:
This isn't a breaking issue as I worked around it by wiping the known_hosts file and recreating it with the proper new keys, but it may help others to call it out more explicitly on the release page.
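The approach described in the referenced commit message (offer only the host key types already recorded in known_hosts, otherwise fall back to the defaults), as an added example using only the Go standard library. This is not fleet's code: `HostKeyAlgorithms`, `matchHost` and `hashHost` are hypothetical names, the sample entries are constructed, and the handling of hashed entries goes beyond what the thread shows.

```go
package main // added illustration; helper names are hypothetical, not fleet's code

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"strings"
)

// hashHost renders host as OpenSSH's HashKnownHosts does: |1|salt|HMAC-SHA1(salt, host).
func hashHost(salt []byte, host string) string {
	mac := hmac.New(sha1.New, salt)
	mac.Write([]byte(host))
	b64 := base64.StdEncoding.EncodeToString
	return "|1|" + b64(salt) + "|" + b64(mac.Sum(nil))
}

// matchHost compares one host field, plain or hashed (no wildcards or negation).
func matchHost(entry, host string) bool {
	if p := strings.Split(entry, "|"); len(p) == 4 && p[1] == "1" {
		salt, err := base64.StdEncoding.DecodeString(p[2])
		return err == nil && hashHost(salt, host) == entry
	}
	return entry == host
}

// HostKeyAlgorithms lists the key types pinned for host, in file order. Comments and
// @cert-authority/@revoked lines are skipped; empty means "keep the client defaults".
func HostKeyAlgorithms(knownHosts, host string) (algos []string) {
	seen := map[string]bool{}
	for _, line := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || f[0][0] == '#' || f[0][0] == '@' {
			continue
		}
		for _, h := range strings.Split(f[0], ",") {
			if matchHost(h, host) && !seen[f[1]] {
				seen[f[1]], algos = true, append(algos, f[1])
			}
		}
	}
	return algos
}

func main() {
	// Constructed sample (placeholder key blobs): one plain, one hashed entry.
	kh := "10.0.0.5 ssh-rsa AAAA\n" + hashHost([]byte("salt"), "10.0.0.5") + " ssh-ed25519 AAAA\n"
	fmt.Println(HostKeyAlgorithms(kh, "10.0.0.5"), HostKeyAlgorithms(kh, "10.0.0.9"))
}
```

With golang.org/x/crypto/ssh, a non-empty result would be assigned to `ssh.ClientConfig.HostKeyAlgorithms` before dialing, so the server is asked for a key type the client can actually verify against its stored entry.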