
Support of higher level SSH keys (sk-ssh-ed25519)
Closed, Resolved | Public | FEATURE REQUEST

Description

Hi,

it would be great to support more SSH key types, for example sk-ssh-ed25519.
As far as I know the underlying OpenSSH already supports them.
So the only limitation is the VyOS configuration.

Details

Difficulty level: Easy (less than an hour)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Improvement (missing useful functionality)

Event Timeline

Arc771 changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
Arc771 claimed this task.

My fault. Sorry.

Also, it should be enabled by default (at least in ssh documentation)
Could you check it?

What do you mean by "enable by default"?
The issue is that, right now, we are unable to add these kinds of SSH keys because the CLI won't let you define the type.

I mean Linux man https://man7.org/linux/man-pages/man5/sshd_config.5.html

HostKeyAlgorithms
        Specifies the host key signature algorithms that the server
        offers.  The default for this option is:

           [email protected],
           [email protected],
           [email protected],
           [email protected],
           [email protected],
           [email protected],
           [email protected],
           [email protected],
           [email protected],
           ssh-ed25519,
           ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
           [email protected],
           [email protected],
           rsa-sha2-512,rsa-sha2-256,ssh-rsa

Ah, yea that is true.
They are enabled by default.

The only issue is the vyos cli that simply didn't know them.

So the original task means that we don't have new CLI options in login keys
Missing sk-ssh-ed25519

vyos@r14# set system login user foo authentication public-keys foo type 
Possible completions:
   ssh-dss              None
   ssh-rsa              None
   ecdsa-sha2-nistp256  None
   ecdsa-sha2-nistp384  None
   ssh-ed25519          None
   ecdsa-sha2-nistp521
c-po changed the task status from Open to In progress. Nov 1 2022, 8:03 AM
c-po claimed this task.
c-po changed the task status from In progress to Needs testing. Nov 1 2022, 8:22 AM
c-po triaged this task as Normal priority.
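
The limitation discussed in this task, as an added example that is not VyOS code and not from the thread: a key-type allowlist check that also confirms the declared type matches the algorithm name embedded in the base64 key blob. The function names are hypothetical, the sample key is constructed (all-zero public key), and the full OpenSSH name of the requested type, sk-ssh-ed25519@openssh.com, is used.

```python
import base64
import struct

# Types offered by the CLI completion shown in the thread.
CLI_TYPES = {"ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# OpenSSH public key types for FIDO/U2F security keys ("sk-" prefix).
SK_TYPES = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def embedded_type(key_b64: str) -> str:
    """Return the algorithm name stored as the first string of the key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("blob shorter than a length prefix")
    (name_len,) = struct.unpack(">I", blob[:4])
    if name_len == 0 or name_len > len(blob) - 4:
        raise ValueError("type length runs past end of blob")
    return blob[4:4 + name_len].decode("ascii")


def check_key(declared_type: str, key_b64: str, allowed: set) -> str:
    """Hypothetical validator: 'ok' or the reason the entry is rejected."""
    if declared_type not in allowed:
        return "type not allowed"
    try:
        actual = embedded_type(key_b64)
    except ValueError:  # also covers binascii.Error and UnicodeDecodeError
        return "malformed key"
    return "ok" if actual == declared_type else "type mismatch"


# Constructed sample, not a real key: all-zero 32-byte public key, application "ssh:".
SAMPLE_SK_KEY = base64.b64encode(
    ssh_string(b"sk-ssh-ed25519@openssh.com") + ssh_string(bytes(32)) + ssh_string(b"ssh:")
).decode("ascii")

if __name__ == "__main__":
    print(check_key("sk-ssh-ed25519@openssh.com", SAMPLE_SK_KEY, CLI_TYPES))
    print(check_key("sk-ssh-ed25519@openssh.com", SAMPLE_SK_KEY, CLI_TYPES | SK_TYPES))
    print(check_key("ssh-ed25519", SAMPLE_SK_KEY, CLI_TYPES | SK_TYPES))
```

With only the types from the completion list, the security-key entry is rejected even though sshd would accept it; extending the allowlist admits it, while a declared type that disagrees with the blob is still refused.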