Bug 1627875

Summary: Fedora 28 openssh 7.8p1 attempting to connect to CentOS 7 openssh 7.4p1 certificate authentication fails
Product: [Fedora] Fedora Reporter: Eli <Eli.Tarrago>
Component: opensshAssignee: Jakub Jelen <jjelen>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 28CC: accdias, dwalsh, Eli.Tarrago, jfch, jjelen, lkundrak, mattias.ellert, plautrba, pzhukov, tmraz, whaidinger
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-11-26 09:20:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eli 2018-09-11 18:28:49 UTC 
Description of problem:

Client is unable to connect to server using a certificate signed public key.

Client: Fedora 28 x86_64
libssh.x86_64                               0.8.2-1.fc28                @updates
libssh-devel.x86_64                         0.8.2-1.fc28                @updates
libssh2.x86_64                              1.8.0-7.fc28                @fedora 
openssh.x86_64                              7.8p1-1.fc28                @updates
openssh-askpass.x86_64                      7.8p1-1.fc28                @updates
openssh-clients.x86_64                      7.8p1-1.fc28                @updates
openssh-server.x86_64                       7.8p1-1.fc28                @updates

Server: CentOS 7.5 x86_64
libssh2.x86_64                     1.4.3-10.el7_2.1                    @updates   
openssh.x86_64                     7.4p1-16.el7                        @base    
openssh-clients.x86_64             7.4p1-16.el7                        @base    
openssh-server.x86_64              7.4p1-16.el7                        @base    




How reproducible:
Able to replicate following the steps. Each time is the same result.

Steps to Reproduce:
1. ssh-keygen -t rsa -b 2048 -f test
2. ssh-keygen -s cert.key -I "signedcert" -n testuser -O clear -O permit-agent-forwarding -O permit-pty -V -1w:+260w -z 0 test.pub
3. ssh -i test -vvv user@serverip

Actual results:
ssh -vvi key user@serverip                                                                                                               [10:35:37]
debug1: Offering public key: RSA-CERT SHA256:r7OlYvphkF6hsvFdWS2k1GsZVkNv60DCSAPMngN2lrs test
debug1: send_pubkey_test: no mutual signature algorithm
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
user@serverip: Permission denied (publickey).


Expected results:
RSA-CERT SHA256:r7OlYvphkF6hsvFdWS2k1GsZVkNv60DCSAPMngN2lrs test
Would be accepted as authorized public key.

Additional Details:
Work Around:
Adding 
PubkeyAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01,rsa-sha2-512-cert-v01,ssh-rsa-cert-v01
into ssh client configuration does not allow authentication. 
At this time, the only workaround I have found involves signing the RSA key with ed25519. This is further supported by the following debug lines in the ssh connection:

Server Key Algorithms:
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01,ecdsa-sha2-nistp384-cert-v01,ecdsa-sha2-nistp521-cert-v01,ssh-ed25519-cert-v01,rsa-sha2-512-cert-v01,rsa-sha2-256-cert-v01,ssh-rsa-cert-v01,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

Client Key Algorithms:
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519

Negotiated:
debug1: kex: host key algorithm: ssh-ed25519

Thus, RSA is no longer supported as a signing key cipher.

Note:
https://bugzilla.redhat.com/show_bug.cgi?id=1623929
Addresses RSA Key failure authentication. This bug addresses RSA certificate signed keys.
Comment 1 Pavel Zhukov 2018-09-12 07:13:29 UTC 
Note this blocks fedpkg/ssh in Fedora infra. 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/UBBJCEK5Y7SVZ3EVNGKBIPGJFRHACF7N/
Comment 2 Jakub Jelen 2018-09-12 07:13:30 UTC 
This is not a bug in Fedora, but a bug in RHEL7 that demonstrates with new OpenSSH:

https://bugzilla.redhat.com/show_bug.cgi?id=1623929
Comment 3 Jakub Jelen 2018-09-13 07:23:56 UTC 
*** Bug 1628313 has been marked as a duplicate of this bug. ***
Comment 4 Jakub Jelen 2018-11-26 09:20:47 UTC 
This should be resolved/workaround in current OpenSSH 7.9p1, which does not enforce these strong requirements when connecting to older (frequently broken) peers. If you can still reproduce this with the updated openssh, please, reopen the bug with some more debug information.