Bug 2070113

Summary: pam_ssh_agent_auth signature request fails
Product: Red Hat Enterprise Linux 9 Reporter: Stanislav Zidek <szidek>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED ERRATA QA Contact: Stanislav Zidek <szidek>
Severity: medium Docs Contact:
Priority: medium    
Version: 9.0CC: dbelyavs, etmsys, jjelen, mhavrila, redhatbugs
Target Milestone: rcKeywords: Regression, Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-11-15 11:21:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Prevent potential downgrade attack none

Description Stanislav Zidek 2022-03-30 12:38:36 UTC 
Description of problem:
I am not able to  ssh-agent / pam_ssh_agent_auth. Reproducible by /CoreOS/openssh/Sanity/pam_ssh_agent_auth . I am suspecting this is related to SHA-1 disablement, because things work fine with LEGACY crypto policy.

Version-Release number of selected component (if applicable):
openssh-8.7p1-8.el9

How reproducible:
always

Steps to Reproduce:
... see the test

Actual results:
:: [ 13:56:08 ] :: [  BEGIN   ] :: Running 'su testuser11049 -c 'eval `ssh-agent`; ssh-add ~/.ssh/my_id_rsa; sudo id; ssh-agent -k''
Agent pid 59937
Identity added: /home/testuser11049/.ssh/my_id_rsa (testuser11049.pnr.lab.eng.rdu2.redhat.com)

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 59937 killed;
:: [ 13:56:08 ] :: [   PASS   ] :: Command 'su testuser11049 -c 'eval `ssh-agent`; ssh-add ~/.ssh/my_id_rsa; sudo id; ssh-agent -k'' (Expected 0, got 0)
:: [ 13:56:08 ] :: [   FAIL   ] :: File '/var/tmp/rlRun_LOG.LGTLJGZu' should contain 'uid=0(root) gid=0(root)' 

Expected results:
works

Additional info:

su[15131]: (to testuser5192) root on none
su[15131]: pam_unix(su:session): session opened for user testuser5192(uid=1000) by (uid=0)
sudo[15138]: Failed Authentication: `testuser5192' as `testuser5192' using /etc/security/authorized_keys 
sudo[15138]: pam_unix(sudo:auth): conversation failed
sudo[15138]: pam_unix(sudo:auth): auth could not identify password for [testuser5192]
su[15131]: pam_unix(su:session): session closed for user testuser5192
su[15191]: (to testuser5192) root on none
su[15191]: pam_unix(su:session): session opened for user testuser5192(uid=1000) by (uid=0)
sudo[15200]: matching key found: file/command /etc/security/authorized_keys, line 1
sudo[15200]: Found matching RSA key: SHA256:ab6OqE5pMEvT65H3d6andda5GrGRcKHdpGguQbRq9sw
ssh-agent[15198]: error: process_sign_request2: sshkey_sign: error in libcrypto
sudo[15200]: Failed Authentication: `testuser5192' as `testuser5192' using /etc/security/authorized_keys 
sudo[15200]: pam_unix(sudo:auth): conversation failed
sudo[15200]: pam_unix(sudo:auth): auth could not identify password for [testuser5192]
su[15191]: pam_unix(su:session): session closed for user testuser5192
Comment 8 errata-xmlrpc 2022-11-15 11:21:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (openssh bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8375
Comment 9 Paul Donohue 2022-11-15 20:24:51 UTC 
On systems with the LEGACY crypto policy enabled, the fix for this bug introduces a potential downgrade attack (pam_ssh_agent_auth requests a rsa-sha2-256 signature, but doesn't verify that it gets a rsa-sha2-256 signature).

The attached patch fixes it so that pam_ssh_agent_auth verifies that it gets the requested signature type.

Also, given that pam_ssh_agent_auth signature algorithm can't be configured by the user (without recompiling), is there any reason not to use rsa-sha2-512 instead of rsa-sha2-256 as the default?

@dbelyavs
Comment 10 Paul Donohue 2022-11-15 20:25:57 UTC 
Created attachment 1924536 [details]
Prevent potential downgrade attack
Comment 11 Dmitry Belyavskiy 2022-11-16 10:21:31 UTC 
I'm not sure it's necessary. Switching to LEGACY cp, you explicitly agree to use SHA1 for your purposes so we don't create extra possibilities for downgrade attack.