Bug 1678661

Summary: openssh: KexAlgorithms=curve25519-sha256 not compatible with DEFAULT profile
Product: Red Hat Enterprise Linux 8 Reporter: Stanislav Zidek <szidek>
Component: crypto-policiesAssignee: Tomas Mraz <tmraz>
Status: VERIFIED --- QA Contact: Simo Sorce <ssorce>
Severity: medium Docs Contact: Mirek Jahoda <mjahoda>
Priority: medium    
Version: 8.0CC: hkario, igkioka, jjelen, lmanasko, mjahoda, nmavrogi, omoris, pasik, ssorce, szidek, tmraz
Target Milestone: rcKeywords: Triaged
Target Release: 8.1   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: crypto-policies-20190613-1.git21ffdc8.el8 Doc Type: Bug Fix
Doc Text:
.`curve25519-sha256` is now supported by default in OpenSSH Previously, the `curve25519-sha256` SSH key exchange algorithm was missing in the system-wide crypto policies configurations for the OpenSSH client and server even though it was compliant with the default policy level. As a consequence, if a client or a server used `curve25519-sha256` and this algorithm was not supported by the host, the connection might fail. This update of the `crypto-policies` package fixes the bug, and SSH connections no longer fail in the described scenario.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1682515    
Bug Blocks:    

Description Stanislav Zidek 2019-02-19 10:44:25 UTC 
Description of problem:
curve25519-sha256 is not compatible with DEFAULT profile (and perhaps others)

Version-Release number of selected component (if applicable):
RHEL-8.0.0-20190213.0
# rpm -q crypto-policies openssh
crypto-policies-20181217-5.git9a35207.el8.noarch
openssh-7.8p1-4.el8.x86_64

How reproducible:
always

Steps to Reproduce:
1. ssh -o KexAlgorithms=curve25519-sha256 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no localhost

Actual results:
Unable to negotiate with ::1 port 22: no matching key exchange method found. Their offer: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

Expected results:
Connects normally.

Additional info:
This is regression against RHEL-7, so we need to at least document it as known issue. Not a blocker material.
Comment 1 Tomas Mraz 2019-02-19 10:58:37 UTC 
Mirek, can we document it as known issue in RHEL-8.0?
Do we need a separate bug for the documentation?
Comment 19 Simo Sorce 2019-07-08 16:23:25 UTC 
Verify test runs in CI: https://baseos-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/ci-openstack/29584//console

[10.0.132.116        ] T:       5 [-ciphers-in-practice-do-not-meet-the-stated] Running
[10.0.132.116        ] 1562575727 [Setup                                      ] PASS Score: 0
[10.0.132.116        ] 1562575728 [Test-available-ciphers                     ] PASS Score: 0
[10.0.132.116        ] 1562575729 [Test-available-macs                        ] PASS Score: 0
[10.0.132.116        ] 1562575730 [KEX-algorithms                             ] PASS Score: 0
[10.0.132.116        ] 1562575731 [Key-types                                  ] PASS Score: 0
[10.0.132.116        ] 1562575732 [Cleanup                                    ] PASS Score: 0
[10.0.132.116        ] T:       5 [-ciphers-in-practice-do-not-meet-the-stated] Completed: PASS