Adam Eijdenberg
2018-Oct-11 00:44 UTC
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Thu, Oct 11, 2018 at 10:41 AM Damien Miller <djm at mindrot.org> wrote:
> On Wed, 10 Oct 2018, Adam Eijdenberg wrote:
> > We see this error on the client side:
> >
> > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> > ...
> > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key
> > debug1: send_pubkey_test: no mutual signature algorithm
>
> That looks like a bug:
>
> diff --git a/sshkey.c b/sshkey.c > index f7c09fb..e602987 100644 > --- a/sshkey.c > +++ b/sshkey.c > @@ -109,9 +109,9 @@ static const struct keytype keytypes[] = { > { "ssh-rsa-cert-v01 at openssh.com", "RSA-CERT", NULL, > KEY_RSA_CERT, 0, 1, 0 }, > { "rsa-sha2-256-cert-v01 at openssh.com", "RSA-CERT", > - "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, > + "rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, > { "rsa-sha2-512-cert-v01 at openssh.com", "RSA-CERT", > - "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, > + "rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, > { "ssh-dss-cert-v01 at openssh.com", "DSA-CERT", NULL, > KEY_DSA_CERT, 0, 1, 0 }, > { "ecdsa-sha2-nistp256-cert-v01 at openssh.com", "ECDSA-CERT", NULL,

Thanks for looking into it. I wasn't able to get the patch to apply cleanly to the portable source for whatever reason, so I manually made the changes and got a little further. I now get past the "no mutual signature algorithm" client message, and get an error on the server side (OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017):

userauth_pubkey: unsupported public key algorithm: rsa-sha2-512-cert-v01@openssh.com [preauth]

Along the way I noticed that there seem to be duplicated entries in the keytypes[] array - is this intentional? i.e. the following 2 contiguous sections appear to be identical. I ended up changing both on my client to remove the "ssh-" prefix:

https://github.com/openssh/openssh-portable/blob/V_7_8_P1/sshkey.c#L116-L123
https://github.com/openssh/openssh-portable/blob/V_7_8_P1/sshkey.c#L124-L131
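Review bot: the two replaced sigalg strings in the rsa-sha2-256-cert and rsa-sha2-512-cert rows are bare literals that nothing checks against the names a server advertises, so a mismatch like the "ssh-" prefix only shows up at authentication time. A regression test that offers an RSA certificate to a peer advertising server-sig-algs=<rsa-sha2-256,rsa-sha2-512> would catch a recurrence. The reply above also reports these rows appearing twice in keytypes[] in V_7_8_P1, so the change has to reach both copies, or the duplicate block should be dropped.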
Damien Miller
2018-Oct-11 01:04 UTC
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Thu, 11 Oct 2018, Adam Eijdenberg wrote:
> Thanks for looking into it. I wasn't able to get the patch to apply
> cleanly to the portable source for whatever reason, so I manually made
> the changes and got a little further. I now get past the "no mutual
> signature algorithm" client message, and get an error on the server
> side (OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017):
>
> userauth_pubkey: unsupported public key algorithm:
> rsa-sha2-512-cert-v01@openssh.com [preauth]

Could you send me a debug trace from the client for this? We shouldn't
send this algorithm name unless the server supports it.

> Along the way I noticed that there seem to be duplicated entries in
> the keytypes[] array - is this intentional? i.e. the following 2
> contiguous sections appear to be identical. I ended up changing both
> on my client to remove the "ssh-" prefix:
>
> https://github.com/openssh/openssh-portable/blob/V_7_8_P1/sshkey.c#L116-L123
> https://github.com/openssh/openssh-portable/blob/V_7_8_P1/sshkey.c#L124-L131

Thanks, I've committed a fix for this.

-d
Damien Miller
2018-Oct-11 01:13 UTC
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Thu, 11 Oct 2018, Damien Miller wrote:
> On Thu, 11 Oct 2018, Adam Eijdenberg wrote:
>
> > Thanks for looking into it. I wasn't able to get the patch to apply
> > cleanly to the portable source for whatever reason, so I manually made
> > the changes and got a little further. I now get past the "no mutual
> > signature algorithm" client message, and get an error on the server
> > side (OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017):
> >
> > userauth_pubkey: unsupported public key algorithm:
> > rsa-sha2-512-cert-v01@openssh.com [preauth]
>
> Could you send me a debug trace from the client for this? We shouldn't
> send this algorithm name unless the server supports it.

Could you try this?

diff --git a/sshconnect2.c b/sshconnect2.c index f104408..1d2906f 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) * newer (SHA2) algorithms. */ if (ssh == NULL || ssh->kex->server_sig_algs == NULL || - (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) { + (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || + (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) { /* Filter base key signature alg against our configuration */ return match_list(sshkey_ssh_name(key), options.pubkey_key_types, NULL);
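Review bot: the added condition on KEY_RSA_CERT with SSH_BUG_SIGTYPE has no comment, and the existing comment ending "newer (SHA2) algorithms" does not explain why certificates are singled out while plain KEY_RSA keys under the same compat flag still go on to SHA2 selection. A sentence saying for which servers SSH_BUG_SIGTYPE is set, and that they reject the rsa-sha2-*-cert names as in the server error reported in this thread, would make the asymmetry clear. This branch also returns the match against options.pubkey_key_types, so a client configuration that excludes the base RSA certificate type will still end with no usable algorithm for those servers; that is worth stating in the comment too.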
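Added example, not part of the thread and not OpenSSH code: a simplified C model of the client-side choice the two patches touch, showing why the "ssh-" prefixed sigalg strings never match the advertised server-sig-algs list and how a compat flag falls back to the base certificate type. The struct, function names and the old_server parameter are hypothetical; algorithm names are written with "@" as OpenSSH spells them.

```c
/* Simplified model of the client-side choice, NOT OpenSSH source.
 * struct row, in_list() and pick_cert_alg() are hypothetical names. */
#include <stdio.h>
#include <string.h>
struct row { const char *name, *sigalg; };

/* sigalg strings before and after the sshkey.c change in this thread */
static const struct row before[] = {
    { "rsa-sha2-256-cert-v01@openssh.com", "ssh-rsa-sha2-256" },
    { "rsa-sha2-512-cert-v01@openssh.com", "ssh-rsa-sha2-512" },
    { NULL, NULL } };
static const struct row after[] = {
    { "rsa-sha2-256-cert-v01@openssh.com", "rsa-sha2-256" },
    { "rsa-sha2-512-cert-v01@openssh.com", "rsa-sha2-512" },
    { NULL, NULL } };

/* 1 if needle is an exact element of a comma-separated list */
static int in_list(const char *needle, const char *list)
{
    size_t n = strlen(needle), len;
    for (; *list != '\0'; list += len + (list[len] == ',')) {
        len = strcspn(list, ",");
        if (len == n && strncmp(list, needle, n) == 0)
            return 1;
    }
    return 0;
}

/* Name to offer for an RSA certificate, or NULL for "no mutual signature
 * algorithm". old_server stands in for the SSH_BUG_SIGTYPE compat flag
 * tested in the sshconnect2.c change (assumption of this model). */
const char *pick_cert_alg(const struct row *t, const char *sig_algs, int old_server)
{
    if (sig_algs == NULL || old_server)
        return "ssh-rsa-cert-v01@openssh.com"; /* base certificate type */
    for (; t->name != NULL; t++)
        if (in_list(t->sigalg, sig_algs))
            return t->name;
    return NULL;
}

int main(void)
{
    const char *adv = "rsa-sha2-256,rsa-sha2-512"; /* from the debug trace */
    const char *r = pick_cert_alg(before, adv, 0);
    printf("before: %s\n", r ? r : "no mutual signature algorithm");
    printf("after:  %s\n", pick_cert_alg(after, adv, 0));
    printf("compat: %s\n", pick_cert_alg(after, adv, 1));
    return 0;
}
```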