Bug 1828598

Summary: OpenSSH -oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256 broken
Product: Red Hat Enterprise Linux 7
Reporter: Robert Scheck <redhat-bugzilla>
Component: openssh
Assignee: Jakub Jelen <jjelen>
Status: CLOSED WONTFIX
QA Contact: Stanislav Zidek <szidek>
Severity: medium
Docs Contact: Jan Fiala <jafiala>
Priority: unspecified
Version: 7.8
CC: jafiala, jjelen, qe-baseos-security, robert.scheck, sbroz, szidek
Target Milestone: rc
Target Release: 7.9
Hardware: x86_64
OS: Linux
Doc Type: Known Issue
Doc Text:
.RSA signatures with SHA-1 cannot be completely disabled in RHEL7
Because the `ssh-rsa` signature algorithm must be allowed in OpenSSH to use the new SHA2 (`rsa-sha2-512`, `rsa-sha2-256`) signatures, you cannot completely disable SHA1 algorithms in RHEL7. To work around this limitation, you can update to RHEL8 or use ECDSA/Ed25519 keys, which use only SHA2.
Last Closed: 2020-05-12 15:19:10 UTC
Type: Bug

Description Robert Scheck 2020-04-27 21:17:23 UTC
Description of problem:
Appending 'OPTIONS="-oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"' to /etc/sysconfig/sshd breaks OpenSSH as shipped by RHEL 7.8, while it works using RHEL 8.2. According to the OpenSSH release notes, the RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512 have been supported since OpenSSH 7.2.

Version-Release number of selected component (if applicable):
openssh-7.4p1-21.el7

How reproducible:
See above and below.

Steps to Reproduce:
1. echo 'OPTIONS="-oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"' >> /etc/sysconfig/sshd
2. systemctl restart sshd.service
3. ssh root@localhost  # Fails with "Connection reset by ::1 port 22"

Actual results:
OpenSSH -oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256 broken

Expected results:
Working -oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256 usage

Comment 2 Robert Scheck 2020-04-27 21:20:48 UTC
Cross-filed case 02640656 at the Red Hat customer portal.

Comment 3 Jakub Jelen 2020-04-28 07:48:11 UTC
Providing the debug log straight away would save me all the struggle of setting up the RHEL7 system. Adding them myself:

Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: Connection from ::1 port 53844 on ::1 port 22
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Local version string SSH-2.0-OpenSSH_7.4
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Enabling compatibility mode for protocol 2.0
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug2: fd 3 setting O_NONBLOCK
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug2: Network child is on pid 1353
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: preauth child monitor started
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: SELinux support enabled [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_selinux_change_context: setting context from 'system_u:system_r:sshd_t:s0-s0:c0.c1023' to 'system_u:system_r:sshd_net_t:s0-s0:c0.c1023' [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: privsep user:group 74:74 [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: permanently_set_uid: 74/74 [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: list_hostkey_types: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: list_hostkey_types: ecdsa-sha2-nistp256 key not permitted by HostkeyAlgorithms [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: list_hostkey_types: ssh-ed25519 key not permitted by HostkeyAlgorithms [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: list_hostkey_types:  [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: fatal: No supported key exchange algorithms [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: do_cleanup [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: mm_request_send entering: type 124 [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: monitor_read_log: child log fd closed
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: mm_request_receive entering
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: monitor_read: checking request 124
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: mm_request_receive entering
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: do_cleanup
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: PAM: sshpam_thread_cleanup entering
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Killing privsep child 1353

This is a known issue of OpenSSH before 7.9: it requires ssh-rsa to be enabled in order to work with the sha2 extensions. See the discussion in [1]. I am not sure if this was already documented somewhere or not, but it is something we will most likely not fix in RHEL7, as it is in maintenance phase and this does not look like it qualifies as a critical security issue.

Solution is to add ssh-rsa to the hostkeyalgorithms (to the end so it is not negotiated by default):

  echo 'OPTIONS="-oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256,ssh-rsa"' >> /etc/sysconfig/sshd

After that, it works as expected. I will have a look if we already have some documentation about this and if not, we will convert it to KBA or known issue.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2746
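
Added example (not part of the bug report and not OpenSSH code): a pre-restart check that models the behaviour visible in the debug log above, where a host key is dropped unless its own key type name appears in HostKeyAlgorithms. The function names, the constructed sample key files and the literal-name matching (no wildcard patterns) are assumptions of this example.

```shell
#!/bin/sh
# Pre-restart check for HostKeyAlgorithms on OpenSSH older than 7.9.
# Model taken from the debug log in this bug: a host key is offered only when
# its own key type name (e.g. ssh-rsa) is listed. Assumption: literal names only.

# Print the key type (first field) of each public host key in directory $1.
hostkey_types() {
    for pub in "$1"/ssh_host_*_key.pub; do
        [ ! -r "$pub" ] || awk 'NR == 1 { print $1 }' "$pub"
    done
}

# usable_hostkeys ALGS TYPE...: print the key types ALGS still permits.
# Returns 1 when none survive ("fatal: No supported key exchange algorithms").
usable_hostkeys() {
    algs=$1; shift
    kept=
    for ktype in "$@"; do
        case ",$algs," in
            *",$ktype,"*) kept="${kept:+$kept }$ktype" ;;
        esac
    done
    [ -n "$kept" ] || return 1
    printf '%s\n' "$kept"
}

# check_hostkey_algorithms ALGS [DIR]: apply the check to the key files in DIR.
# The substitution is unquoted on purpose: one argument per key type.
check_hostkey_algorithms() {
    usable_hostkeys "$1" $(hostkey_types "${2:-/etc/ssh}")
}

# Constructed sample keys (placeholder key material) so the demo runs offline.
make_sample_keys() {
    d=$(mktemp -d) || return 1
    for t in rsa:ssh-rsa ecdsa:ecdsa-sha2-nistp256 ed25519:ssh-ed25519; do
        echo "${t#*:} CONSTRUCTED root@example" > "$d/ssh_host_${t%%:*}_key.pub"
    done
    printf '%s\n' "$d"
}

keys=$(make_sample_keys)
for value in 'rsa-sha2-512,rsa-sha2-256' 'rsa-sha2-512,rsa-sha2-256,ssh-rsa'; do
    if offered=$(check_hostkey_algorithms "$value" "$keys"); then
        echo "OK   $value -> host keys offered: $offered"
    else
        echo "FAIL $value -> no host key offered; do not restart sshd"
    fi
done
rm -rf "$keys"
```

On a real RHEL 7 host, call `check_hostkey_algorithms` with the proposed value and no directory argument to test against the keys in /etc/ssh before restarting sshd.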

Comment 7 Jakub Jelen 2020-05-12 15:19:10 UTC
Based on the further investigation, the backport is really not straight-forward and requires a lot of changes (1000+ lines) making the change risky.

The preferred solution to move away from RSA-SHA1 signatures in SSH is to update to RHEL8. If this is not possible for some reason, customers can switch to use EC keys of their choice (ECDSA/Ed25519), which are using SHA2 out of the box.