Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSH Connection Profiles returning with error 'Unsupported OpenSSH public key type: rsa-sha2-512' #9575

Open
LostRhoades opened this issue Apr 9, 2024 · 1 comment
Open

SSH Connection Profiles returning with error 'Unsupported OpenSSH public key type: rsa-sha2-512' #9575

LostRhoades opened this issue Apr 9, 2024 · 1 comment
Labels
T: Bug

Comments

@LostRhoades
Copy link

Describe the problem:
I've created numerous SSH Connection Profiles and many of them work great. However, I've come to find that certain profiles attempt to connect and then return the message 'Unsupported OpenSSH public key type: rsa-sha2-512'. I checked the ciphers section to verify rsa-sha2-512 is enabled. I even went as far as enabling a bunch of other ciphers AND restarting TABBY, but no change in behavior.

As I've said, I've tested many of these profiles and they work just fine. Most of the devices I've been testing with are FortiGate firewalls. Looking at the logs on a FortiGate firewall that gives me this 'Unsupported' message, I see 'SSH server received bad length packet'. I've taken a known working profile and simply changed the host IP within the profile I get the error. So, the profile itself doesn't seem to be the issue.

I can manually ssh [email protected] through Tabby and I can connect to the firewall just fine.

*It's also worth mentioning that I've had the same issue connecting to some Aruba switches.

I've included a basic diagram to show at least part of the topology. This will hopefully give you an idea of what works and what doesn't. There are Layer 3 boundaries between each firewall (routing). So, behind each firewall is a completely different subnet (.i.e. 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16, etc).

To Reproduce:
I've been able to reproduce this issue at least in my environment. Where I'm consistently getting this 'Unsupported' message is where I'm trying to SSH to a device that is behind one of these other firewalls. This isn't exactly accurate, but in essence it's like 'nested' devices have this issue, but only through the Tabby profiles.

To make this clearer, a Tabby profile may work just fine when connecting to a sites main firewall, but connecting to the switches behind the firewall, I get the 'Unsupported' error. Likewise, I have a some firewalls I'm trying to reach that are only reachable through another firewall. These 'nested' firewalls seem to have the issue. Hopefully the image uploads, I think it will be helpful in understanding.

image

Thanks!
@LostRhoades
Copy link
Author

I forgot to include this screenshot.
Screenshot 2024-04-09 at 3 35 14 PM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T: Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@LostRhoades