Bug 1974703

Summary: RFE: Block SSH driver needs to support SHA256 host key fingerprints
Product: Red Hat Enterprise Linux 9 Reporter: Daniel Berrangé <berrange>
Component: qemu-kvmAssignee: Daniel Berrangé <berrange>
qemu-kvm sub component: Storage QA Contact: Tingting Mao <timao>
Status: CLOSED DEFERRED Docs Contact:
Severity: unspecified    
Priority: unspecified CC: coli, jinzhao, jjelen, juzhang, rjones, virt-maint
Version: 9.0Keywords: FutureFeature, Triaged
Target Milestone: betaFlags: pm-rhel: mirror+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-09-16 02:16:43 UTC Type: Feature Request
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2001100    
Bug Blocks: 1936650    

Description Daniel Berrangé 2021-06-22 10:47:56 UTC 
Description of problem:

The SSH block driver supports only MD5 and SHA1:

##
# @SshHostKeyCheckHashType:
#
# @md5: The given hash is an md5 hash
# @sha1: The given hash is an sha1 hash
#
# Since: 2.12
##
{ 'enum': 'SshHostKeyCheckHashType',
  'data': [ 'md5', 'sha1' ] }


This is used for verifying host key fingerprints and thus is a cryptographically  sensitive use case. Both libssh and openssh support SHA256 for fingerprints. 

     SSH_PUBLICKEY_HASH_SHA256

This needs to be added to QEMU.

Version-Release number of selected component (if applicable):
qemu-kvm-6.0.0-6.el9
Comment 2 Daniel Berrangé 2021-06-22 12:26:51 UTC 
Patch posted to https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg06085.html
Comment 4 Daniel Berrangé 2021-06-30 16:11:29 UTC 
Included in a pull request: https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg08004.html

We'll get it via rebase to 6.1
Comment 5 Jakub Jelen 2021-09-06 19:34:09 UTC 
Hi Daniel,
sorry for a late follow-up. But from https://bugzilla.redhat.com/show_bug.cgi?id=1936650#c3

docs/system/qemu-block-drivers.rst.inc:``host_key_check=md5:78:45:8e:14:57:4f:d5:45:83:0a:0e:f3:49:82:c9:c8``
docs/system/qemu-block-drivers.rst.inc:(``sha1:`` can also be used as a prefix, but note that OpenSSH
docs/system/qemu-block-drivers.rst.inc:tools only use MD5 to print fingerprints).

  Documentation related to block/ssh.c 

  Needs updating when support for SHA256 is added

you mentioned that the documentation needs to be updated too. I see that it is still in qemu master:

https://git.qemu.org/?p=qemu.git;a=blob;f=docs/system/qemu-block-drivers.rst.inc;h=16225710ebbbc4a23f2bc8c60a542e01d87408bb;hb=HEAD#l783

Can you take care of updating this outdated comment too?

Note, that OpenSSH is for some time using only SHA256 and MD5 could be used for backward compatibility (but it is not recommended). The SHA1 was never officially used in OpenSSH:

https://github.com/openssh/openssh-portable/blob/7acb3578cdfec0b3d34501408071f7a96c1684ea/ssh-keygen.1#L318-L325
Comment 8 Daniel Berrangé 2021-11-18 15:44:12 UTC 
(In reply to Jakub Jelen from comment #5)
> docs/system/qemu-block-drivers.rst.inc:``host_key_check=md5:78:45:8e:14:57:
> 4f:d5:45:83:0a:0e:f3:49:82:c9:c8``
> docs/system/qemu-block-drivers.rst.inc:(``sha1:`` can also be used as a
> prefix, but note that OpenSSH
> docs/system/qemu-block-drivers.rst.inc:tools only use MD5 to print
> fingerprints).
> 
>   Documentation related to block/ssh.c 
> 
>   Needs updating when support for SHA256 is added
> 
> you mentioned that the documentation needs to be updated too. I see that it
> is still in qemu master:
> 
> https://git.qemu.org/?p=qemu.git;a=blob;f=docs/system/qemu-block-drivers.rst.
> inc;h=16225710ebbbc4a23f2bc8c60a542e01d87408bb;hb=HEAD#l783
> 
> Can you take care of updating this outdated comment too?

Posted upstream in:

https://lists.gnu.org/archive/html/qemu-devel/2021-11/msg03847.html

> Note, that OpenSSH is for some time using only SHA256 and MD5 could be used
> for backward compatibility (but it is not recommended). The SHA1 was never
> officially used in OpenSSH:
> 
> https://github.com/openssh/openssh-portable/blob/
> 7acb3578cdfec0b3d34501408071f7a96c1684ea/ssh-keygen.1#L318-L325

No problem, the newly updated QEMU docs basically only describe sha256 usage and recommend against the other options as legacy / insecure.