bugzilla-daemon at bugzilla.mindrot.org
2018-Aug-20 23:59 UTC
[Bug 2897] New: Short RSA key in RevokedKeys prevents everyone from logging in
https://bugzilla.mindrot.org/show_bug.cgi?id=2897

Bug ID: 2897
Summary: Short RSA key in RevokedKeys prevents everyone from logging in
Product: Portable OpenSSH
Version: 7.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: colin at colincoghill.com

We make use of the RevokedKeys feature to list some old keys that we don't want people able to use any more. Included in this list are some RSA keys <1024 bits in length. They're insecure, which is why we revoke them explicitly.

When sshd tries to read the RevokedKeys file it errors on the short key and as a result refuses to let anyone log in. I presume this is related to such keys no longer being accepted for authentication.

7.5p1 works fine
7.6p1 errors

logs:

sshd[22012]: error: Error checking authentication key RSA SHA256:xxxxxxxxxxxxxxxxxxxxxx in revoked keys file /etc/ssh/revoked_keys: Invalid key length

We have fixed this for our case by removing the revoked short keys, but since the effect at the time was to lock us out of a server purely as a result of upgrading openssh-server, I wanted to make a note that it could be quite a bad situation for some folk.

Ideally having an unacceptable key in RevokedKeys shouldn't prevent all logins. It's a place where insecure keys *should* be listed.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
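A pre-upgrade check for the condition described in this report, added here as an example and not code from the reporter or from the OpenSSH project: it parses a one-key-per-line RevokedKeys file and flags RSA keys whose modulus is under 1024 bits, the size below which sshd 7.6p1 reports "Invalid key length". The sample file contents are constructed, with dummy moduli rather than real keys.

```python
import base64
import struct

# sshd 7.6p1 rejects RSA keys shorter than this with "Invalid key length".
MIN_RSA_BITS = 1024

def _ssh_string(data):
    """Encode one SSH wire 'string': 4-byte big-endian length plus the bytes."""
    return struct.pack(">I", len(data)) + data

def _read_string(buf, off):
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def rsa_modulus_bits(blob):
    """Bit length of the modulus in an ssh-rsa wire blob; None for other key types."""
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        return None
    _e, off = _read_string(blob, off)   # public exponent (mpint), not needed here
    n, _ = _read_string(blob, off)      # modulus (mpint, may carry a leading 0x00)
    return int.from_bytes(n, "big").bit_length()

def short_rsa_keys(revoked_keys_text):
    """Return [(line_no, bits)] for each RSA key below MIN_RSA_BITS in the file text."""
    hits = []
    for lineno, line in enumerate(revoked_keys_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        try:
            # The base64 blob follows the key-type field; options may precede the type.
            idx = next(i for i, f in enumerate(fields) if f.startswith(("ssh-", "ecdsa-")))
            bits = rsa_modulus_bits(base64.b64decode(fields[idx + 1]))
        except (StopIteration, IndexError, ValueError, struct.error):
            continue  # not a parsable key line; sshd itself will complain about it
        if bits is not None and bits < MIN_RSA_BITS:
            hits.append((lineno, bits))
    return hits

def _fake_rsa_line(bits, comment):
    """Constructed ssh-rsa line with a dummy modulus of the requested size (not a real key)."""
    modulus = b"\x00" + b"\x80" + b"\x5a" * (bits // 8 - 1)
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

# Constructed RevokedKeys content: a 2048-bit key, a 512-bit key and an ed25519 key.
SAMPLE_REVOKED_KEYS = "\n".join([
    "# keys we no longer accept",
    _fake_rsa_line(2048, "old-laptop"),
    _fake_rsa_line(512, "ancient-build-box"),
    "ssh-ed25519 " + base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(b"\x01" * 32)).decode() + " ci",
])

if __name__ == "__main__":
    for lineno, bits in short_rsa_keys(SAMPLE_REVOKED_KEYS):
        print(f"line {lineno}: {bits}-bit RSA key, below the {MIN_RSA_BITS}-bit minimum sshd 7.6 enforces")
```

Running this against the real file before upgrading openssh-server tells you which entries would trigger the "Invalid key length" error and lock everyone out.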
bugzilla-daemon at bugzilla.mindrot.org
2018-Sep-21 03:32 UTC
[Bug 2897] Short RSA key in RevokedKeys prevents everyone from logging in
https://bugzilla.mindrot.org/show_bug.cgi?id=2897

Damien Miller <djm at mindrot.org> changed:

             What |Removed                      |Added
----------------------------------------------------------------------------
           Status |NEW                          |ASSIGNED
         Assignee |unassigned-bugs at mindrot.org|djm at mindrot.org
               CC |                             |djm at mindrot.org, dtucker at dtucker.net
 Attachment #3178 |                             |ok?(dtucker at dtucker.net)
            Flags |                             |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---

Created attachment 3178
--> https://bugzilla.mindrot.org/attachment.cgi?id=3178&action=edit
ignore invalid key length errors in sshkey_in_file()

This silently ignores SSH_ERR_KEY_LENGTH errors in sshkey_in_file(). This function is currently used in two places: revocation and listing CA keys.

Ignoring SSH_ERR_KEY_LENGTH is safe in the CA path because we'd never accept one of those keys as a CA key. Ignoring the error in the revocation path is safe because we refuse those keys for authentication too.

IMO it's worth allowing revoked keys lists with invalid short keys present as it supports sharing revocation lists between different OpenSSH versions (some of which may not ban short keys).
bugzilla-daemon at bugzilla.mindrot.org
2018-Sep-21 03:32 UTC
[Bug 2897] Short RSA key in RevokedKeys prevents everyone from logging in
https://bugzilla.mindrot.org/show_bug.cgi?id=2897

Damien Miller <djm at mindrot.org> changed:

             What |Removed |Added
----------------------------------------------------------------------------
           Blocks |        |2893

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2893
[Bug 2893] Tracking bug for 7.9 release
bugzilla-daemon at bugzilla.mindrot.org
2018-Sep-21 04:21 UTC
[Bug 2897] Short RSA key in RevokedKeys prevents everyone from logging in
https://bugzilla.mindrot.org/show_bug.cgi?id=2897

Darren Tucker <dtucker at dtucker.net> changed:

             What |Removed                  |Added
----------------------------------------------------------------------------
 Attachment #3178 |ok?(dtucker at dtucker.net)|ok+
            Flags |                         |
bugzilla-daemon at bugzilla.mindrot.org
2018-Sep-21 12:20 UTC
[Bug 2897] Short RSA key in RevokedKeys prevents everyone from logging in
https://bugzilla.mindrot.org/show_bug.cgi?id=2897

Damien Miller <djm at mindrot.org> changed:

             What |Removed  |Added
----------------------------------------------------------------------------
       Resolution |---      |FIXED
           Status |ASSIGNED |RESOLVED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---

Fix committed, this will be in the openssh-7.9 release
bugzilla-daemon at bugzilla.mindrot.org
2018-Oct-19 06:17 UTC
[Bug 2897] Short RSA key in RevokedKeys prevents everyone from logging in
https://bugzilla.mindrot.org/show_bug.cgi?id=2897

Damien Miller <djm at mindrot.org> changed:

             What |Removed  |Added
----------------------------------------------------------------------------
           Status |RESOLVED |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---

Close RESOLVED bugs with the release of openssh-8.0