cloud vagrant: continue to support vagrant insecure rsa key
Upstream SSH has been claiming [1] for a few releases now that:
```
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
```
In Fedora we switched recently [2] to disallow ssh-rsa. I filed a bug
upstream [3] for Vagrant to stop using an rsa key. For now let's workaround
the issue.
[1] https://www.openssh.com/txt/release-8.3
[2] b298a9e107
[3] https://github.com/hashicorp/vagrant/issues/11783
This commit is contained in:
parent
b5c953f75b
commit
b7dd998453
@ -53,6 +53,12 @@ EOKEYS
|
|||||||
chmod 600 ~vagrant/.ssh/authorized_keys
|
chmod 600 ~vagrant/.ssh/authorized_keys
|
||||||
chown -R vagrant:vagrant ~vagrant/.ssh/
|
chown -R vagrant:vagrant ~vagrant/.ssh/
|
||||||
|
|
||||||
|
cat > /etc/ssh/sshd_config.d/10-vagrant-insecure-rsa-key.conf <<EOF
|
||||||
|
# For now the vagrant insecure key is an rsa key
|
||||||
|
# https://github.com/hashicorp/vagrant/issues/11783
|
||||||
|
PubkeyAcceptedKeyTypes=+ssh-rsa
|
||||||
|
EOF
|
||||||
|
|
||||||
# Further suggestion from @purpleidea (James Shubin) - extend key to root users as well
|
# Further suggestion from @purpleidea (James Shubin) - extend key to root users as well
|
||||||
mkdir -m 0700 -p /root/.ssh
|
mkdir -m 0700 -p /root/.ssh
|
||||||
cp /home/vagrant/.ssh/authorized_keys /root/.ssh/authorized_keys
|
cp /home/vagrant/.ssh/authorized_keys /root/.ssh/authorized_keys
|
||||||
|
Loading…
Reference in New Issue
Block a user