Mailing List Archive: conflict in host signature checking

conflict in host signature checking

Jun 15, 2020, 10:17 AM

Post #1 of 3 (495 views)

Hi folks,

AFAICS the recent ssh versions don't support the ssh-rsa signature
algorithm for host keys anymore:

check_host_cert: certificate signature algorithm ssh-rsa:
signature algorithm not supported

So I refreshed the host key signatures using

ssh-keygen -s ~/.ssh/ca_rsa -t rsa-sha2-256 \
-I hostname.example.com -h /tmp/ssh_host_rsa_key.pub

This went well for almost all hosts in my environment, except for an
ancient Solaris 10 host used to checkout and build some very old code
(just in case). The problem on this host is

% ssh -V
OpenSSH_6.2p1, OpenSSL 1.0.1r 28 Jan 2016

% ssh -F /dev/null git
ssh_rsa_verify: cannot handle type rsa-sha2-256
cert_parse: Certificate signature verification failed
key_from_blob: can't parse cert data
cannot decode server_host_key_blob

% echo $?
255

If I put the old signed key back into place on git, then Solaris is
happy, but all other hosts complain as shown above.

Using */bin/ssh -F /dev/null* (i.e. the ancient ssh provided with Solaris10)
there is no problem with an unsupported signature algorithm, so I wonder
if I missed some command line flag to skip the signature verification in
openssh 6.2, as /bin/ssh does? Of course I checked the man page. Please
excuse if I am too blind to see.

Every helpful comment is highly appreciated
Harri
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Re: conflict in host signature checking [ In reply to ]

steffen at sdaoden

Jun 15, 2020, 10:48 AM

Post #2 of 3 (495 views)

Permalink

Harald Dunkel wrote in
<58888987-68f1-3487-008f-241190968e83@afaics.de>:
|AFAICS the recent ssh versions don't support the ssh-rsa signature
|algorithm for host keys anymore:
..
|Every helpful comment is highly appreciated

in my ~/.ssh/config

Host 10.0.1.14 schillix 10.0.1.15 ulin-010204
HostKeyAlgorithms ssh-rsa
# schillix with default ssh: KexAlgorithms +diffie-hellman-group1-sha1
IdentityFile ~/sec.arena/ssh.git/local_rsa.pub
...

I use dropbear on SchilliX now, which today has been released with
ed25519 support, however, so the above soon can vanish. That is,
maybe use dropbear on a non-standard port instead of an old ssh?
:wq

--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Re: conflict in host signature checking [ In reply to ]

djm at mindrot

Jun 15, 2020, 4:52 PM

Post #3 of 3 (494 views)

Permalink

On Mon, 15 Jun 2020, Harald Dunkel wrote:

> Hi folks,
>
> AFAICS the recent ssh versions don't support the ssh-rsa signature
> algorithm for host keys anymore:
>
> check_host_cert: certificate signature algorithm ssh-rsa:
> signature algorithm not supported
>
> So I refreshed the host key signatures using
>
> ssh-keygen -s ~/.ssh/ca_rsa -t rsa-sha2-256 \
> -I hostname.example.com -h /tmp/ssh_host_rsa_key.pub
>
> This went well for almost all hosts in my environment, except for an
> ancient Solaris 10 host used to checkout and build some very old code
> (just in case). The problem on this host is
>
> % ssh -V
> OpenSSH_6.2p1, OpenSSL 1.0.1r 28 Jan 2016
>
> % ssh -F /dev/null git
> ssh_rsa_verify: cannot handle type rsa-sha2-256
> cert_parse: Certificate signature verification failed
> key_from_blob: can't parse cert data
> cannot decode server_host_key_blob
>
> % echo $?
> 255
>
> If I put the old signed key back into place on git, then Solaris is
> happy, but all other hosts complain as shown above.
>
> Using */bin/ssh -F /dev/null* (i.e. the ancient ssh provided with Solaris10)
> there is no problem with an unsupported signature algorithm, so I wonder
> if I missed some command line flag to skip the signature verification in
> openssh 6.2, as /bin/ssh does? Of course I checked the man page. Please
> excuse if I am too blind to see.

OpenSSH 6.2 doesn't support the RSA/SHA2 signature algorithms, so it will
not be able to process a host key whose CA signature is made with that
algorithm.

If you can't upgrade the host running OpenSSH 6.2, then I'd recommend
switching to an ECDSA CA key. That should be supported back to before
openssh-6.0.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev