Opened 3 years ago

Closed 5 months ago

#12660 closed bug (fixed)

OpenSSH regression

Reported by: miqlas Owned by: nobody
Priority: normal Milestone: R1
Component: - General Version: R1/Development
Keywords: ssh, sshd Cc:
Blocked By: Blocking:
Has a Patch: no Platform: All

Description (last modified by korli)

The actual Haiku gcc2h have a regression in OpenSSH. During a vanilla gcc2h install it can't generate the ssh keys:

"Generating public/private rsa1 key pair. Saving key "/boot/system/settings/ssh/ssh_host_key" failed: unknown or unsupported key type"

The login through SSH impossible.

Attachments (3)

openssh_log_hrev50095_gcc2h_22022012.txt (2.3 KB) - added by miqlas 3 years ago.
sshd_strace_hrev50095_gcc2h_22022012.txt (17.9 KB) - added by miqlas 3 years ago.
ssh_strace_hrev50095_gcc2h_22022012.txt (41.1 KB) - added by miqlas 3 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 Changed 3 years ago by korli

Description: modified (diff)
Summary: OpenSSH regessionOpenSSH regression

comment:2 Changed 3 years ago by miqlas

comment:3 Changed 3 years ago by miqlas

Log from up-to date Haiku. I deletedd all the keyfiles, and ran the /boot/system/boot/post-install/sshd_keymaker.sh script to regenerate them. It can't generate the rsa1 keys.

Changed 3 years ago by miqlas

comment:4 Changed 3 years ago by miqlas

Tried to login into Haiku. Everything was set up like here: https://www.haiku-os.org/guides/daily-tasks/netservices See the attached strace output.

$ ssh user@192.168.178.129
The authenticity of host '192.168.178.129 (192.168.178.129)' can't be established.
ECDSA key fingerprint is SHA256:/+dRDMqe7/rhhSgX5SHWRugjL2Bmt3pYowyeUk5+xkU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.178.129' (ECDSA) to the list of known hosts.
user@192.168.178.129's password:
Permission denied, please try again.
user@192.168.178.129's password:
Permission denied, please try again.
user@192.168.178.129's password:
Connection closed by 192.168.178.129
Last edited 3 years ago by miqlas (previous) (diff)

Changed 3 years ago by miqlas

Changed 3 years ago by miqlas

comment:5 Changed 3 years ago by miqlas

It is actually not a regression, but a feature in OpenSSH7.

The config file in /system/settings/ssh/sshd_config contains a line: #PermitRootLogin prohibit-password

Though it commented out, it doesn't let the root user login with password. To revert to the OpenSSH6 behavior, we need to change that line to the following:

PermitRootLogin yes #(notice the removed hashmark at the beginning!)

After a reboot it works, tested with the latest nightly gcc2h.

I think, we should update the https://www.haiku-os.org/guides/daily-tasks/netservices page, as it outdated (the default install have sshd user), to contain this information.

I need to say, i haven't tested the key-based login, but PulkoMandy told: it works.

You can close this ticket now. Thank you guys!

comment:6 Changed 3 years ago by pulkomandy

Milestone: R1/beta1R1

I'm leaving this open because the use of that option is maybe a bit confusing in Haiku's case (it is not expected that the default user is root). If we decide to do nothing about it, at least the docs should be updated.

comment:7 Changed 5 months ago by waddlesplash

Resolution: fixed
Status: newclosed

The docs have since been updated.

Note: See TracTickets for help on using tickets.