Support RSA SHA2 cert-based authentication (rsa-sha2-512_cert and rsa-sha2-256_cert) #1314
Conversation
…he supported RSA cert based algs in server-sig-algs extension, fallback to default othwerwise
|
@willco007 Did changes to allow algo upgrades for SSH RSA certs if the server also enumerates the supported RSA cert based algs in server-sig-algs extension, fallback to default otherwise. Thoughts/Suggestions? |
|
@Tejaswikandula No, the only types it supports are |
RFC 8332 mentions allowing for interoperable use of existing and new RSA keys with SHA-256 and SHA-512. Is this what you are referring to when you say "these were the only upgrades OpenSSH supported"? While RFC 8332 doesn't explicitly discuss RSA certificates, RSA certs align with the hashing types used in RSA keys right? So, in case of certs, even though OpenSSH doesn't explicitly announce RSA certs in the server-sig-algs extension for flexible negotiation during key exchange process, can we infer that the support for RSA SHA-2 certificate-based authentications in newer OpenSSH versions indicates the potential for certificate upgrades? |
Correct.
No, we can't infer this. When reviewing the OpenSSH server code while implementing this, it did not have RSA cert support. New versions may have support, but that would need to be confirmed. |
|
This is what comes back from 9.4:
|
OpenSSH do support RSA certs from a long time and newer versions do also support RSA SHA2 certs. OpenSSH deprecated support for SHA1 certs along with the keys. Please refer to this PR - https://github.com/openssh/openssh-portable/commit/2344750250247111a6c3c6a4fe84ed583a61cc11. I'm able to successfully test using certs against different OpenSSH versions |
That's true. Though OpenSSH supports cert based authentication, it's not listing the same in server-sig-algs |
|
Yes, that is true, but I believe you're conflating |
…on differently based on the remote server version
…on differently based on the remote server version
|
@vszakats Requesting review again on this one. Also, the build is failing with docker error unrelated to my changes (probably flaky), can you help with restarting the build? |
Co-authored-by: Viktor Szakats <vszakats@users.noreply.github.com>
Co-authored-by: Viktor Szakats <vszakats@users.noreply.github.com>
Co-authored-by: Viktor Szakats <vszakats@users.noreply.github.com>
Co-authored-by: Viktor Szakats <vszakats@users.noreply.github.com>
@vszakats Thanks for the review. Need your help with restarting the build again, thanks!! |
|
Thank you @Tejaswikandula for this, also for your patience. To @willco007 for all the help. |
…-sha2-256_cert) (libssh2#1314) Replicating OpenSSH's behavior to handle RSA certificate authentication differently based on the remote server version. 1. For OpenSSH versions >= 7.8, ascertain server's support for RSA Cert types by checking if the certificate's signature type is present in the `server-sig-algs`. 2. For OpenSSH versions < 7.8, Set the "SSH_BUG_SIGTYPE" flag when the RSA key in question is a certificate to ignore `server-sig-algs` and only offer ssh-rsa signature algorithm for RSA certs. This arises from the fact that OpenSSH versions up to 7.7 accept RSA-SHA2 keys but not RSA-SHA2 certificate types. Although OpenSSH <=7.7 includes RSA-SHA2 keys in the `server-sig-algs`, versions <=7.7 do not actually support RSA certs. Therefore, server sending RSA-SHA2 keys in `server-sig-algs` should not be interpreted as indicating support for RSA-SHA2 certs. So, `server-sig-algs` are ignored when the RSA key in question is a cert, and the remote server version is 7.7 or below. Relevant sections of the OpenSSH source code: <https://github.com/openssh/openssh-portable/blob/V_8_9_P1/sshconnect2.c#L1191-L1197> <https://github.com/openssh/openssh-portable/blob/master/compat.c#L43> Assisted-by: Will Cosgrove Reviewed-by: Viktor Szakats
Replicating OpenSSH's behavior to handle RSA certificate authentication differently based on the remote server version.
This arises from the fact that OpenSSH versions up to 7.7 accept RSA-SHA2 keys but not RSA-SHA2 certificate types. Although OpenSSH <=7.7 includes RSA-SHA2 keys in the server-sig-algs, versions <=7.7 do not actually support RSA certs. Therefore, server sending RSA-SHA2 keys in server-sig-algs should not be interpreted as indicating support for RSA-SHA2 certs. So, server-sig-algs are ignored when the RSA key in question is a cert, and the remote server version is 7.7 or below.
Relevant sections of the OpenSSH source code:
https://github.com/openssh/openssh-portable/blob/V_8_9_P1/sshconnect2.c#L1191-L1197
https://github.com/openssh/openssh-portable/blob/master/compat.c#L43
sshconnect2.c
compat.c