AWS instance failed to connect / ED25519 2 Weeks ago
I'm hoping you can help me get connected to a new AWS instance. I am able to connect to it with Putty.
I submitted a ticket to AWS support; I pasted a couple things from their response (happy to share the entire response if it is relevant):
(a) AWS recommends using a client that supports a compatible algorithm, such as ssh-ed25519 or ecdsa-sha2-nistp256
(b) your SSH client must support an rsa-sha2-256 or rsa-sha2-512 signature
It appears my version of Absolute Telnet (11.38) has both of these items, and from what I can tell, the default SSH2 connection/config enables them.
Thanks in advance for any insight you can provide.
Re:AWS instance failed to connect / ED25519 1 Week, 5 Days ago
After a bit of research and discussion with Brian, I believe we found the issue... Absolute 11.39 and earlier DO support SHA2 signatures, but only for host keys, not authentication keys. The missing piece is RFC-8308, which allows a server to communicate to a client that SHA2 signatures in AUTHENTICATION keys are preferred, or even available.
Beginning around OpenSSH 8.8, SHA1 signatures are disabled by default, which created an incompatibility with Absolute that we've now fixed in version 11.41.
Check the download page for the new version.
Other solutions:
1. When creating the Linux 2023 instance, use an ED25519 keypair instead. ED25519 keys do not have the SHA1 problem.
2. Configure OpenSSH to allow SSH1 in authentication (not recommended) (and no, I won't tell you how to do it) :-)
bpence (Admin)
Brian Pence
Celestial Software
SSH, SFTP, and Telnet in a tabbed interface for Windows XP, Vista, Mobile, and others
Re:AWS instance failed to connect / ED25519 1 Week, 5 Days ago
And thanks again to Brian H for bringing this to my attention!!!
bpence (Admin)