This idea was imported from Canny. Originally created by: Florian Klink. The current owner is: Unassigned.
A recent openssh upgrade removed ssh-rsa from the default list of HostkeyAlgorithms, due to security concerns. See https://levelup.gitconnected.com/demystifying-ssh-rsa-in-openssh-deprecation-notice-22feb1b52acd
This means the one-liner to access the SOS console currently fails:
❯ ssh $uuid@sos.dc13.platformequinix.com
Unable to negotiate with 145.40.79.87 port 22: no matching host key type found. Their offer: ssh-rsa
I need to manually invoke ssh with the -oHostkeyAlgorithms=+ssh-rsa parameter.
sos.*.platformequinix.com should support more modern host keys, so this works by default again (and is more secure)
This comment was imported from Canny. Originally created by: Sal Carrasco with 0 likes.
The SOS console has now been updated to support modern host keys. Users should no longer see the "no matching host key type found" error.
This comment was imported from Canny. Originally created by: Alexander Tessmer with 0 likes.
Any update on this? SHA-1 is now considered cryptographically insecure.
This comment was imported from Canny. Originally created by: Sal Carrasco with 0 likes.
Setting this one back to "Under Review" as I am seeing that it is still valid. I was able to replicate what Florian Klink provided, we will be reviewing shortly. Please stay tuned. > ssh $uuid@sos.da11.platformequinix.com Unable to negotiate with 145.40.76.147 port 22: no matching host key type found. Their offer: ssh-rsa