Adam Eijdenberg
2018-Oct-10 06:06 UTC
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
Hi, One of our users who is running an OS (I think it's the latest beta macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is unable to use our user SSH RSA certificates to authenticate to our servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017"). We see this error on the client side: debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> ... debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key debug1: send_pubkey_test: no mutual signature algorithm (So far as I can tell, neither the server nor client are overriding default algorithms in their respective configurations) I added some printf debugging to the client to show the values being compared: debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp256-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp256 debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp256-cert-v01 at openssh.com due to not matching key->type debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp384-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp384 debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp384-cert-v01 at openssh.com due to not matching key->type debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp521-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp521 debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp521-cert-v01 at openssh.com due to not matching key->type debug1: key_sig_algorithm: cp: ssh-ed25519-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ssh-ed25519 debug1: key_sig_algorithm: skipping ssh-ed25519-cert-v01 at openssh.com due to not matching key->type debug1: key_sig_algorithm: cp: rsa-sha2-512-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ssh-rsa-sha2-512 debug1: match_list: comparing cp: ssh-rsa-sha2-512 against sp: rsa-sha2-256 debug1: match_list: comparing cp: ssh-rsa-sha2-512 against sp: rsa-sha2-512 debug1: key_sig_algorithm: cp: rsa-sha2-256-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ssh-rsa-sha2-256 debug1: match_list: comparing cp: ssh-rsa-sha2-256 against sp: rsa-sha2-256 debug1: match_list: comparing cp: ssh-rsa-sha2-256 against sp: rsa-sha2-512 debug1: key_sig_algorithm: cp: ssh-rsa-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ssh-rsa debug1: match_list: comparing cp: ssh-rsa against sp: rsa-sha2-256 debug1: match_list: comparing cp: ssh-rsa against sp: rsa-sha2-512 debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp256 sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp256 debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp256 due to not matching key->type debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp384 sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp384 debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp384 due to not matching key->type debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp521 sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp521 debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp521 due to not matching key->type debug1: key_sig_algorithm: cp: ssh-ed25519 sshkey_sigalg_by_name(cp): ssh-ed25519 debug1: key_sig_algorithm: skipping ssh-ed25519 due to not matching key->type debug1: key_sig_algorithm: cp: rsa-sha2-512 sshkey_sigalg_by_name(cp): rsa-sha2-512 debug1: key_sig_algorithm: skipping rsa-sha2-512 due to not matching key->type debug1: key_sig_algorithm: cp: rsa-sha2-256 sshkey_sigalg_by_name(cp): rsa-sha2-256 debug1: key_sig_algorithm: skipping rsa-sha2-256 due to not matching key->type debug1: key_sig_algorithm: cp: ssh-rsa sshkey_sigalg_by_name(cp): ssh-rsa debug1: key_sig_algorithm: skipping ssh-rsa due to not matching key->type debug1: send_pubkey_test: no mutual signature algorithm I think the most relevant few lines is: debug1: key_sig_algorithm: cp: rsa-sha2-256-cert-v01 at openssh.com sshkey_sigalg_by_name(cp): ssh-rsa-sha2-256 debug1: match_list: comparing cp: ssh-rsa-sha2-256 against sp: rsa-sha2-256 debug1: match_list: comparing cp: ssh-rsa-sha2-256 against sp: rsa-sha2-512 It looks like the "ssh-" prefix is returned by sshkey_sigalg_by_name() which does not match the algorithm identifiers returned by our server. Any suggestions on how we can configure either our server (7.4) or preferably client (7.8) to resolve? Many thanks, Cheers, Adam
Damien Miller
2018-Oct-10 23:41 UTC
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Wed, 10 Oct 2018, Adam Eijdenberg wrote:> Hi, > > One of our users who is running an OS (I think it's the latest beta > macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is > unable to use our user SSH RSA certificates to authenticate to our > servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan > 2017"). > > We see this error on the client side: > > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> > ... > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key > debug1: send_pubkey_test: no mutual signature algorithmThat looks like a bug: diff --git a/sshkey.c b/sshkey.c index f7c09fb..e602987 100644 --- a/sshkey.c +++ b/sshkey.c @@ -109,9 +109,9 @@ static const struct keytype keytypes[] = { { "ssh-rsa-cert-v01 at openssh.com", "RSA-CERT", NULL, KEY_RSA_CERT, 0, 1, 0 }, { "rsa-sha2-256-cert-v01 at openssh.com", "RSA-CERT", - "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, + "rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, { "rsa-sha2-512-cert-v01 at openssh.com", "RSA-CERT", - "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, + "rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, { "ssh-dss-cert-v01 at openssh.com", "DSA-CERT", NULL, KEY_DSA_CERT, 0, 1, 0 }, { "ecdsa-sha2-nistp256-cert-v01 at openssh.com", "ECDSA-CERT", NULL,
Adam Eijdenberg
2018-Oct-11 00:44 UTC
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Thu, Oct 11, 2018 at 10:41 AM Damien Miller <djm at mindrot.org> wrote:> On Wed, 10 Oct 2018, Adam Eijdenberg wrote: > > We see this error on the client side: > > > > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> > > ... > > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key > > debug1: send_pubkey_test: no mutual signature algorithm > > That looks like a bug: > > diff --git a/sshkey.c b/sshkey.c > index f7c09fb..e602987 100644 > --- a/sshkey.c > +++ b/sshkey.c > @@ -109,9 +109,9 @@ static const struct keytype keytypes[] = { > { "ssh-rsa-cert-v01 at openssh.com", "RSA-CERT", NULL, > KEY_RSA_CERT, 0, 1, 0 }, > { "rsa-sha2-256-cert-v01 at openssh.com", "RSA-CERT", > - "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, > + "rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, > { "rsa-sha2-512-cert-v01 at openssh.com", "RSA-CERT", > - "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, > + "rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, > { "ssh-dss-cert-v01 at openssh.com", "DSA-CERT", NULL, > KEY_DSA_CERT, 0, 1, 0 }, > { "ecdsa-sha2-nistp256-cert-v01 at openssh.com", "ECDSA-CERT", NULL,Thanks for looking into. I wasn't able to get the patch to apply cleanly to the portable source for whatever reason, so I manually made the changes and got a little further. I now get past the "no mutual signature algorithm" client message, and get an error on the server side (OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017): userauth_pubkey: unsupported public key algorithm: rsa-sha2-512-cert-v01 at openssh.com [preauth] Along the way I noticed that there seems to be duplicated entries in the keytypes[] array - is this intentional? ie the following 2 contiguous sections appear to be identical. I ended up changing both on my client to remove the "ssh-" prefix: https://github.com/openssh/openssh-portable/blob/V_7_8_P1/sshkey.c#L116-L123 https://github.com/openssh/openssh-portable/blob/V_7_8_P1/sshkey.c#L124-L131
Maybe Matching Threads
- no mutual signature algorithm with RSA user certs client 7.8, server 7.4
- no mutual signature algorithm with RSA user certs client 7.8, server 7.4
- no mutual signature algorithm with RSA user certs client 7.8, server 7.4
- AIX make checks issue
- DSA key not accepted on CentOS even after enabling