Ed25519 for Ubuntu 22.04

tania · August 10, 2022, 4:38pm

Hi,

Using the new AMI for Ubuntu 22.04 and OpenSSH was updated to v8.x and rsa host keys are disabled by default. As a result the current rsa key used for 18.04 amd 20.04 gets permission denied.

If I update the key and the database to reflect a ed25519 key I see the error:

Oops, we’re sorry but something went wrong OpenSSH keys only supported if ED25519 is available net-ssh requires the following gems for ed25519 support: * rbnacl (>= 3.2, < 5.0) * rbnacl-libsodium, if your system doesn’t have libsodium installed. * bcrypt_pbkdf (>= 1.0, < 2.0) See https://github.com/net-ssh/net-ssh/issues/478 for more information Gem::MissingSpecError : “Could not find ‘rbnacl’ (>= 3.2.0, < 5.0) among 249 total gem(s) Checked in ‘GEM_PATH=/usr/share/foreman/.gem/ruby:/usr/share/gems:/usr/local/share/gems’, execute gem env for more information”

If I install rubygem-rbnacl it appears to break foreman, where services fail to start on restart.

What’s the best way to get ed25519 working?

I am currently using foreman version 3.3.0

Many Thanks,
Tania

tania · August 11, 2022, 9:52am

Hi,

Looks like to get foreman back up and running I had to install epel-release and then yum install libsodium rubygem-bcrypt_pbkdf. However it fails SSH due to Backtrace for ‘SSH error’ error (ArgumentError): Expected -----END OPENSSH PRIVATE KEY-----. My key has END OPENSSH PRIVATE KEY so not sure where the format might be going wrong.

Thanks,
Tania

tania · August 11, 2022, 10:15am

Hi,

So reading the /usr/share/gems/gems/net-ssh-4.2.0/lib/net/ssh/authentication/ed25519.rb it appears I needed -----END OPENSSH PRIVATE KEY-----\n adding the newline to my key_pair entry granted me access to the instance.

Thanks,
Tania

Dirk · August 11, 2022, 3:12pm

@packaging: Looks like we need to bump net-ssh (part of foreman, not plugins) to at least 5.0 or add the dependency. Any preferences?

ekohl · August 11, 2022, 3:48pm