Update to v157 testing, Killed My SSH Auth Key

Hello,

I am using an Ed25519 key to authorise my login via SSH.

I just updated to dev v157, and after the update process my SSH key is no longer authorised for me to log in.

Fortunately I have GUI access, so I can tick “allow password login” and I can log in using a password to see what has changed and fix it; however, I feel like I should report this, as it is dangerous behaviour of an upgrade that could see people lose access.

Thanks

I don’t know why, but after I went in and opened sshd_config and closed it, it seems to work again.

It’s almost like a default sshd_config is used after upgrade and sshd is started using that default config or something? That is only a guess by me though, I can’t explain it otherwise. Very strange.

One thing I note that I do not like, I had the sshd_config commenting out RSA and EC keys… I am just using the Ed25519 host key, after upgrade it uncommented the other two host keys again. I don’t think that is good.

I opened a bug report yesterday, 12627 – After update from 156 to 157 d267131b, SSH dont work, because I stumbled upon the same. My “solution” was that I just hit save in WUI SSH, without changing anything. That works for me with password login. With a key I have not tested. I guess this then works again as well.

Btw. I changed your title a little bit because people can think there is already a new release.

1 Like

Hi Ian,

You are right, the config has been overwritten and SSH listens on 22 TCP even though 222 TCP has been configured; stopping and starting SSH via WUI fixed that for now. I have already announced it on the dev mailing list → https://lists.ipfire.org/pipermail/development/2021-May/010414.html, let's see if a solution comes (maybe by adding ssh to backup/includes), but for an update it should also be OK to use the ‘exclude’ file.

Best,

Erik

1 Like

That would be nice I think 🙂

Hi,

having bumped into this the other day as well, I submitted a patch for applying changed SSH configurations when upgrading to Core Update 157: [1/6] Core Update 157: Apply changed SSH configurations - Patchwork

That has not made it into the repository yet, but I am sure it will. 🙂

To keep things consistent, I will link the patch into the bug filed for this.

Thanks, and best regards,
Peter Müller

3 Likes

Hi Ian,

/root/.ssh
/etc/ssh/sshd_config
/etc/ssh/ssh_host*

directories are already included in the include file. Have been there since 2018.

That’s how, when you do a fresh install and restore from backup, you can use your existing ssh keys for access without needing to copy them into IPFire again.

I think the problem here was not related to the keys themselves. Peter’s patch is applying the local configuration to the sshd_config in the update script.

1 Like

Yes I agree, on further inspection I still had my authorized_keys file containing my pub key. So it will be as Erik says, the default sshd_config being used initially after upgrade.
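
Added example, not part of the thread or of IPFire's code: a post-upgrade check for the kind of change the posts above describe (port 222 reverting, commented-out host keys re-enabled), comparing a saved copy of sshd_config with the current one. Both sample configs are constructed; only the global section is compared, and `None` means the directive is unset, so sshd's built-in default applies.

```python
import re

# Keywords sshd accepts more than once; for all others the first value wins.
MULTI = {"port", "hostkey", "listenaddress"}
WATCHED = ("port", "hostkey", "passwordauthentication", "pubkeyauthentication")

def global_directives(text):
    """Return {keyword: [values]} for the global section of an sshd_config."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # Match blocks are conditional, not global settings
        if key in MULTI:
            found.setdefault(key, []).append(value)
        elif key not in found:
            found[key] = [value]
    return found

def drift(before, after, watched=WATCHED):
    """Return {keyword: (old, new)} for watched directives that changed."""
    old, new = global_directives(before), global_directives(after)
    return {k: (old.get(k), new.get(k)) for k in watched if old.get(k) != new.get(k)}

# Constructed sample: the admin's config saved before the upgrade.
BEFORE = """\
Port 222
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
PasswordAuthentication no
PubkeyAuthentication yes
"""
# Constructed sample: a default-style config found after the upgrade.
AFTER = BEFORE.replace("Port 222", "#Port 22").replace("#HostKey", "HostKey")

if __name__ == "__main__":
    for key, (old, new) in drift(BEFORE, AFTER).items():
        print(f"{key}: {old} -> {new}")
```

On a real system the two inputs would be the file contents of a backup copy and of /etc/ssh/sshd_config after the update.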