[TriLUG] trilug.org ANCIENT ssh keys

Alan Porter via TriLUG trilug at trilug.org
Sat Aug 30 09:00:04 EDT 2025 

Spoken like a VOLUNTEER!

I use this in my .ssh/config to connect to pilot.

Host trilug pilot trilug.org
     User porter
     Hostname login.trilug.org
     HostKeyAlgorithms +ssh-rsa
     PubkeyAcceptedKeyTypes +ssh-rsa

The root cause of the problem is, of course, that pilot is still
running Ubuntu 12.04, and in the last decade there have been few
volunteers willing to devote some time into upgrading it.  And as
more time passes, that task only gets harder.

My personal opinion is that we also sometimes tend to conflate
routine maintenance plans with more grand plans of change or
growth, and so that can cause the upgrade task to become more
complex than it otherwise would be.

In a volunteer-run organization like TriLUG, it is essential that
maintenance be made as easy as possible, and that configurations
be left simple and documented so when there is personnel churn,
those maintenance tasks are not too difficult to tackle.  A
prime example of this is how we run LDAP on our "cluster of one"
because someone thought this was the enterprise grade solution.
But we do not have an enterprise grade staff or budget or even
focus to keep things running.  Raise your hand if you are
proficient in LDAP.  Anyone?  Bueller?

I would go a step further and claim that _IT_IS_OK_ for a
Linux-focused LUG to use tools that are off-the-shelf and
perhaps even proprietary in their mission holding regular
meetings and providing interesting services.  Not every tool
in our quiver needs to be the exemplar of the FOSS model.
This dogma has also interfered in keeping things simple enough
for a group of volunteers to maintain.

So yeah... we should get on the SSH key issue.  Thanks for
taking that first step of identifying the problem.

Alan




On 2025-08-30 00:00, William Sutton via TriLUG wrote:
> Would someone with admin access, please, for the love of mercy and
> the user community, update the sshd key types to something newer than
> ssh-rsa and ssh-dss?
>
> I've been limping my older laptop config using ssh-dss, but my newer
> laptop is on Fedora 41, and per ssh =Q key, the only algorithm it has
> in common with trilug.org is ssh-rsa.  But when I try to use that, I
> get back an error that the only supported keys are ...
> ssh-rsa,ssh-dss.  Which I would think would mean rsa should work...
> but clearly noth.
>
> William Sutton

More information about the TriLUG mailing list