Back to bug 2070163
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2022-03-30 14:07:57 UTC | Pool ID | sst_security_crypto_rhel_9 | |
| Red Hat One Jira (issues.redhat.com) | 2022-03-30 14:13:06 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-117344 | |
| Dmitry Belyavskiy | 2022-04-01 15:17:44 UTC | Keywords | Triaged | |
| Severity | unspecified | low | ||
| Priority | unspecified | low | ||
| Red Hat One Jira (issues.redhat.com) | 2022-12-22 16:01:31 UTC | Link ID | Red Hat Issue Tracker CRYPTO-9181 | |
| Stanislav Zidek | 2023-01-06 14:19:59 UTC | QA Contact | qe-baseos-security | szidek |
| Dmitry Belyavskiy | 2023-01-26 16:18:33 UTC | Flags | needinfo?(szidek) needinfo?(mhavrila) needinfo?(jjelen) | |
| CC | mhavrila | |||
| Dmitry Belyavskiy | 2023-01-26 16:19:11 UTC | Link ID | Gitlab redhat/centos-stream/rpms/openssh/-/merge_requests/44 | |
| Jakub Jelen | 2023-01-27 12:02:01 UTC | Flags | needinfo?(jjelen) | |
| Dmitry Belyavskiy | 2023-04-13 12:00:47 UTC | Status | NEW | ASSIGNED |
| Marek Havrila | 2023-04-26 10:29:03 UTC | Flags | needinfo?(mhavrila) | |
| Dmitry Belyavskiy | 2023-04-28 14:12:56 UTC | Status | ASSIGNED | MODIFIED |
| Dmitry Belyavskiy | 2023-05-02 09:35:52 UTC | Doc Text | Summary of the changes 1. On sshd startup, we check whether signing using the SHA1 for signing is available and don't use it when it isn't. 2. On ssh private key conversion we explicitly use SHA2 for testing RSA keys. 3. In sshd, when SHA1 signatures are unavailable, we fallback (fall forward :) ) to SHA2 on host keys proof confirmation. 4. On a client side we permit SHA2-based proofs from server when requested SHA1 proof (or didn't specify the hash algorithm that implies SHA1 on the client side). It is aligned with already present exception for RSA certificates. 5. We fallback to SHA2 if SHA1 signatures is not available on the client side (file sshconnect2.c). | |
| Doc Type | If docs needed, set a value | Enhancement | ||
| errata-xmlrpc | 2023-05-04 08:17:25 UTC | Fixed In Version | openssh-8.7p1-30.el9 | |
| Status | MODIFIED | ON_QA | ||
| Stanislav Zidek | 2023-05-16 09:15:31 UTC | Flags | needinfo?(szidek) | |
| Stanislav Zidek | 2023-05-16 09:22:20 UTC | Status | ON_QA | VERIFIED |
| Mirek Jahoda | 2023-08-30 09:09:25 UTC | Docs Contact | jafiala | |
| CC | mjahoda | |||
| Jan Fiala | 2023-08-31 11:08:18 UTC | Doc Text | Summary of the changes 1. On sshd startup, we check whether signing using the SHA1 for signing is available and don't use it when it isn't. 2. On ssh private key conversion we explicitly use SHA2 for testing RSA keys. 3. In sshd, when SHA1 signatures are unavailable, we fallback (fall forward :) ) to SHA2 on host keys proof confirmation. 4. On a client side we permit SHA2-based proofs from server when requested SHA1 proof (or didn't specify the hash algorithm that implies SHA1 on the client side). It is aligned with already present exception for RSA certificates. 5. We fallback to SHA2 if SHA1 signatures is not available on the client side (file sshconnect2.c). | .OpenSSH further enforces SHA2 As part of the effort to migrate further from the less secure the SHA-1 message digest for cryptographic purposes, the following changes were made in OpenSSH: * Added a check on `sshd` startup whether signing using SHA-1 is available on the system. If it is not available, OpenSSH does not use SHA-1 for signing. This eliminates loading DSS keys when they are present and also enforces sending `rsa-sha2` messages. * On SSH private key conversion, OpenSSH explicitly uses SHA-2 for testing RSA keys. * When SHA-1 signatures are unavailable on the server side, `sshd` uses SHA-2 to confirm host key proof. * When SHA-1 signatures are unavailable on the client side, OpenSSH uses SHA-2. * On the client side, OpenSSH permits SHA-2-based proofs from the server when SHA-1 proof was requested or when the hash algorithm is not specified. This is aligned with the already present exception for RSA certificates, and allows connecting by using modern algorithms when supported. |
| CC | dbelyavs | |||
| Flags | needinfo?(dbelyavs) | |||
| Dmitry Belyavskiy | 2023-08-31 11:14:37 UTC | Doc Text | .OpenSSH further enforces SHA2 As part of the effort to migrate further from the less secure the SHA-1 message digest for cryptographic purposes, the following changes were made in OpenSSH: * Added a check on `sshd` startup whether signing using SHA-1 is available on the system. If it is not available, OpenSSH does not use SHA-1 for signing. This eliminates loading DSS keys when they are present and also enforces sending `rsa-sha2` messages. * On SSH private key conversion, OpenSSH explicitly uses SHA-2 for testing RSA keys. * When SHA-1 signatures are unavailable on the server side, `sshd` uses SHA-2 to confirm host key proof. * When SHA-1 signatures are unavailable on the client side, OpenSSH uses SHA-2. * On the client side, OpenSSH permits SHA-2-based proofs from the server when SHA-1 proof was requested or when the hash algorithm is not specified. This is aligned with the already present exception for RSA certificates, and allows connecting by using modern algorithms when supported. | .OpenSSH further enforces SHA2 As part of the effort to migrate further from the less secure the SHA-1 message digest for cryptographic purposes, the following changes were made in OpenSSH: * Added a check on `sshd` startup whether using SHA-1 is configured on the system. If it is not available, OpenSSH does not try use SHA-1 for operations. This eliminates loading DSS keys when they are present and also enforces advertising `rsa-sha2` combinations when they are available. * On SSH private key conversion, OpenSSH explicitly uses SHA-2 for testing RSA keys. * When SHA-1 signatures are unavailable on the server side, `sshd` uses SHA-2 to confirm host key proof. It is potentially incompatible with (pre-RHEL9) clients. * When SHA-1 algorithm is unavailable on the client side, OpenSSH uses SHA-2. * On the client side, OpenSSH permits SHA-2-based key proofs from the server when SHA-1 was used in key proof request or when the hash algorithm is not specified (assuming default). This is aligned with the already present exception for RSA certificates, and allows connecting by using modern algorithms when supported. |
| Dmitry Belyavskiy | 2023-08-31 11:15:06 UTC | Flags | needinfo?(dbelyavs) | |
| Jan Fiala | 2023-08-31 11:19:50 UTC | Doc Text | .OpenSSH further enforces SHA2 As part of the effort to migrate further from the less secure the SHA-1 message digest for cryptographic purposes, the following changes were made in OpenSSH: * Added a check on `sshd` startup whether using SHA-1 is configured on the system. If it is not available, OpenSSH does not try use SHA-1 for operations. This eliminates loading DSS keys when they are present and also enforces advertising `rsa-sha2` combinations when they are available. * On SSH private key conversion, OpenSSH explicitly uses SHA-2 for testing RSA keys. * When SHA-1 signatures are unavailable on the server side, `sshd` uses SHA-2 to confirm host key proof. It is potentially incompatible with (pre-RHEL9) clients. * When SHA-1 algorithm is unavailable on the client side, OpenSSH uses SHA-2. * On the client side, OpenSSH permits SHA-2-based key proofs from the server when SHA-1 was used in key proof request or when the hash algorithm is not specified (assuming default). This is aligned with the already present exception for RSA certificates, and allows connecting by using modern algorithms when supported. | .OpenSSH further enforces SHA2 As part of the effort to migrate further from the less secure SHA-1 message digest for cryptographic purposes, the following changes were made in OpenSSH: * Added a check on `sshd` startup whether using SHA-1 is configured on the system. If it is not available, OpenSSH does not try to use SHA-1 for operations. This eliminates loading DSS keys when they are present and also enforces advertising `rsa-sha2` combinations when they are available. * On SSH private key conversion, OpenSSH explicitly uses SHA-2 for testing RSA keys. * When SHA-1 signatures are unavailable on the server side, `sshd` uses SHA-2 to confirm host key proof. This might be incompatible with clients on RHEL 8 and earlier versions. * When the SHA-1 algorithm is unavailable on the client side, OpenSSH uses SHA-2. * On the client side, OpenSSH permits SHA-2-based key proofs from the server when SHA-1 was used in key proof request or when the hash algorithm is not specified (assuming default). This is aligned with the already present exception for RSA certificates, and allows connecting by using modern algorithms when supported. |
| Jan Fiala | 2023-09-08 12:27:10 UTC | Doc Text | .OpenSSH further enforces SHA2 As part of the effort to migrate further from the less secure SHA-1 message digest for cryptographic purposes, the following changes were made in OpenSSH: * Added a check on `sshd` startup whether using SHA-1 is configured on the system. If it is not available, OpenSSH does not try to use SHA-1 for operations. This eliminates loading DSS keys when they are present and also enforces advertising `rsa-sha2` combinations when they are available. * On SSH private key conversion, OpenSSH explicitly uses SHA-2 for testing RSA keys. * When SHA-1 signatures are unavailable on the server side, `sshd` uses SHA-2 to confirm host key proof. This might be incompatible with clients on RHEL 8 and earlier versions. * When the SHA-1 algorithm is unavailable on the client side, OpenSSH uses SHA-2. * On the client side, OpenSSH permits SHA-2-based key proofs from the server when SHA-1 was used in key proof request or when the hash algorithm is not specified (assuming default). This is aligned with the already present exception for RSA certificates, and allows connecting by using modern algorithms when supported. | .OpenSSH further enforces SHA-2 As part of the effort to migrate further from the less secure SHA-1 message digest for cryptographic purposes, the following changes were made in OpenSSH: * Added a check on `sshd` startup whether using SHA-1 is configured on the system. If it is not available, OpenSSH does not try to use SHA-1 for operations. This eliminates loading DSS keys when they are present and also enforces advertising `rsa-sha2` combinations when they are available. * On SSH private key conversion, OpenSSH explicitly uses SHA-2 for testing RSA keys. * When SHA-1 signatures are unavailable on the server side, `sshd` uses SHA-2 to confirm host key proof. This might be incompatible with clients on RHEL 8 and earlier versions. * When the SHA-1 algorithm is unavailable on the client side, OpenSSH uses SHA-2. * On the client side, OpenSSH permits SHA-2-based key proofs from the server when SHA-1 was used in key proof request or when the hash algorithm is not specified (assuming default). This is aligned with the already present exception for RSA certificates, and allows connecting by using modern algorithms when supported. |
Back to bug 2070163