WordPress.org

Make WordPress Core

Opened 8 months ago

Last modified 15 hours ago

#52409 new defect (bug)

Upload method SSH2 shouldn't use hardwired ssh-rsa hostkey

Reported by: richybkreckel Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Filesystem API Keywords: dev-feedback
Focuses: Cc:

Description

The constructor of class WP_Filesystem_SSH2 has 'ssh-rsa' hard-coded in wp-admin/includes/class-wp-filesystem-ssh2.php:91.

This breaks SSH2 uploads on modern systems where this public key signature algorithm is disabled by default. (This problem currently affects Fedora 33.)

Changing it to a supported algorithm makes it work again. (I used 'ssh-ed25519'.) I wonder if we need to set the algorithm at all? Can't we let SSH just negotiate one from it's set of supported algorithms?

Attachments (1)

wp-upgrade.patch (523 bytes) - added by richybkreckel 5 months ago.
patch

Download all attachments as: .zip

Change History (7)

#1 @johnbillion
8 months ago

  • Component changed from Upload to Filesystem API
  • Keywords dev-feedback added
  • Version 5.6 deleted

#2 @johnbillion
8 months ago

Thanks for the report @richybkreckel, and welcome.

#3 follow-up: @dd32
8 months ago

I wonder if we need to set the algorithm at all? Can't we let SSH just negotiate one from it's set of supported algorithms?

Looking at the docs, I don't see any requirement for it to be set, and I don't recall any need for it to be set, so removing it makes sense to me.

All the examples of using key based authentication with SSH include it, but looking at the latest source for the ssh2 extension, it looks like it's optional, it could potentially just be a hold-over from when ssh-dsa certificates were common and considered old.

If testing without it indicates that it still uses key authentication, then removal should be okay. If removal proves problematic, it could be updated to simply be "ssh-rsa,sh-ed25519" I think based on my reading of the libssh docs. Unsupported types by the libssh would be ignored.

Note: I encourage everyone using the built in SSH to consider keeping in mind the plugin which offers a pure-PHP implementation of it, as the PHP extension has been known to have incompatibilities from time-to-time.

#4 @richybkreckel
6 months ago

Any prospect this is going to be fixed soon? As it stands, update is broken on Fedora 33 and after fixing it manually every update breaks it again. I can confirm that a comma-separated list of hostkey algorithms works just fine.

#5 in reply to: ↑ 3 @richybkreckel
6 months ago

Replying to dd32:

If testing without it indicates that it still uses key authentication, then removal should be okay. If removal proves problematic, it could be updated to simply be "ssh-rsa,sh-ed25519" I think based on my reading of the libssh docs. Unsupported types by the libssh would be ignored.

Typo alert up there: it should be "ssh-rsa,ssh-ed25519", not "ssh-rsa,sh-ed25519".

@richybkreckel
5 months ago

patch

#6 @richybkreckel
15 hours ago

Ping!
Upgrading WP on a growing number of Linux distros breaks the installation.
Please apply the patch attached above.

Note: See TracTickets for help on using tickets.