.OpenSSH further enforces SHA-2
As part of the effort to migrate further from the less secure SHA-1 message digest for cryptographic purposes, the following changes were made in OpenSSH:
* Added a check on `sshd` startup whether using SHA-1 is configured on the system. If it is not available, OpenSSH does not try to use SHA-1 for operations. This eliminates loading DSS keys when they are present and also enforces advertising `rsa-sha2` combinations when they are available.
* On SSH private key conversion, OpenSSH explicitly uses SHA-2 for testing RSA keys.
* When SHA-1 signatures are unavailable on the server side, `sshd` uses SHA-2 to confirm host key proof. This might be incompatible with clients on RHEL 8 and earlier versions.
* When the SHA-1 algorithm is unavailable on the client side, OpenSSH uses SHA-2.
* On the client side, OpenSSH permits SHA-2-based key proofs from the server when SHA-1 was used in key proof request or when the hash algorithm is not specified (assuming default). This is aligned with the already present exception for RSA certificates, and allows connecting by using modern algorithms when supported.
DescriptionStanislav Zidek
2022-03-30 14:07:57 UTC
Description of problem:
Upstream testsuite fails in DEFAULT policy. LEGACY works, indicating perhaps a SHA-1 related issue.
Version-Release number of selected component (if applicable):
openssh-8.7p1-8.el9
How reproducible:
always
Steps to Reproduce:
1. run upstream test suite yourself or /CoreOS/openssh/Sanity/selftest
Actual results:
...
do_convert_from_ssh2: private key conversion failed
0a1,15
> -----BEGIN RSA PRIVATE KEY-----
> MIICWgIBAAKBgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko
> +dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3
> xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQIDAQAB
> An8nH5VzvHkMbSqJ6eOYDsVwomRvYbH5IEaYl1x6VATITNvAu9kUdQ4NsSpuMc+7
> Jj9gKZvmO1y2YCKc0P/iO+i/eV0L+yQh1Rw18jQZll+12T+LZrKRav03YNvMx0gN
> wqWY48Kt6hv2/N/ebQzKRe79+D0t2cTh92hT7xENFLIBAkEBGnoGKFjAUkJCwO1V
> mzpUqMHpRZVOrqP9hUmPjzNJ5oBPFGe4+h1hoSRFOAzaNuZt8ssbqaLCkzB8bfzj
> qhZqAQJBANZekuUpp8iBLeLSagw5FkcPwPzq6zfExbhvsZXb8Bo/4SflNs4JHXwI
> 7SD9Z8aJLvM4uQ/5M70lblDMQ40i3o0CQQDIJvBYBFL5tlOgakq/O7yi+wt0L5BZ
> 9H79w5rCSAA0IHRoK/qI1urHiHC3f3vbbLk5UStfrqEaND/mm0shyNIBAkBLsYdC
> /ctt5Bc0wUGK4Vl5bBmj9LtrrMJ4FpBpLwj/69BwCuKoK9XKZ0h73p6XHveCEGRg
> PIlFX4MtaoLrwgU9AkBV2k4dgIws+X8YX65EsyyFjnlDqX4x0nSOjQB1msIKfHBr
> dh5XLDBTTCxnKhMJ0Yx/opgOvf09XHBFwaQntR5i
> -----END RSA PRIVATE KEY-----
make[1]: *** [Makefile:147: t1] Error 1
Expected results:
tests pass
Comment 17Dmitry Belyavskiy
2023-04-20 15:53:16 UTC
Summary of the changes
1. On sshd startup, we check whether signing using the SHA1 for signing is available and don't use it when it isn't.
2. On ssh private key conversion we explicitly use SHA2 for testing RSA keys.
3. In sshd, when SHA1 signatures are unavailable, we fallback (fall forward :) ) to SHA2 on host keys proof confirmation.
4. On a client side we permit SHA2-based proofs from server when requested SHA1 proof (or didn't specify the hash algorithm that implies SHA1 on the client side). It is aligned with already present exception for RSA certificates.
5. We fallback to SHA2 if SHA1 signatures is not available on the client side (file sshconnect2.c).
6. We skip dss-related tests (they don't work without SHA1).
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (openssh bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2023:6622
Description of problem: Upstream testsuite fails in DEFAULT policy. LEGACY works, indicating perhaps a SHA-1 related issue. Version-Release number of selected component (if applicable): openssh-8.7p1-8.el9 How reproducible: always Steps to Reproduce: 1. run upstream test suite yourself or /CoreOS/openssh/Sanity/selftest Actual results: ... do_convert_from_ssh2: private key conversion failed 0a1,15 > -----BEGIN RSA PRIVATE KEY----- > MIICWgIBAAKBgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko > +dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3 > xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQIDAQAB > An8nH5VzvHkMbSqJ6eOYDsVwomRvYbH5IEaYl1x6VATITNvAu9kUdQ4NsSpuMc+7 > Jj9gKZvmO1y2YCKc0P/iO+i/eV0L+yQh1Rw18jQZll+12T+LZrKRav03YNvMx0gN > wqWY48Kt6hv2/N/ebQzKRe79+D0t2cTh92hT7xENFLIBAkEBGnoGKFjAUkJCwO1V > mzpUqMHpRZVOrqP9hUmPjzNJ5oBPFGe4+h1hoSRFOAzaNuZt8ssbqaLCkzB8bfzj > qhZqAQJBANZekuUpp8iBLeLSagw5FkcPwPzq6zfExbhvsZXb8Bo/4SflNs4JHXwI > 7SD9Z8aJLvM4uQ/5M70lblDMQ40i3o0CQQDIJvBYBFL5tlOgakq/O7yi+wt0L5BZ > 9H79w5rCSAA0IHRoK/qI1urHiHC3f3vbbLk5UStfrqEaND/mm0shyNIBAkBLsYdC > /ctt5Bc0wUGK4Vl5bBmj9LtrrMJ4FpBpLwj/69BwCuKoK9XKZ0h73p6XHveCEGRg > PIlFX4MtaoLrwgU9AkBV2k4dgIws+X8YX65EsyyFjnlDqX4x0nSOjQB1msIKfHBr > dh5XLDBTTCxnKhMJ0Yx/opgOvf09XHBFwaQntR5i > -----END RSA PRIVATE KEY----- make[1]: *** [Makefile:147: t1] Error 1 Expected results: tests pass