Bug 1260253 - Old ssh clients fail to connect to a server in FIPS mode
Old ssh clients fail to connect to a server in FIPS mode
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jakub Jelen
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-09-04 22:41 EDT by kent@nimblestorage.com
Modified: 2015-10-01 12:01 EDT (History)
6 users (show)

See Also:
Fixed In Version: openssh-7.1p1-3.fc23
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-10-01 12:01:42 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description kent@nimblestorage.com 2015-09-04 22:41:07 EDT
Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:
Comment 2 kent@nimblestorage.com 2015-09-04 22:59:17 EDT
I couldn't seem to edit the description, so I'll describe the problem here (from openssh-7.1p1-1.fc24.src.rpm):

The problem is that a signature error occurs when a client with a minimum DH key size < 2048 connects to a server that has FIPS enabled, and uses any of the variable diffie-hellman kex modes. The signature failure is due to the fact that the hashed and signed kex->min value is overwritten with the minimum of the server, while the computation on the client uses its own value.

Removing this particular diff solves the problem:

-- openssh-7.0p1/kexgexs.c.fips        2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/kexgexs.c     2015-08-19 12:36:51.151412892 +0200
@@ -81,11 +81,11 @@ input_kex_dh_gex_request(int type, u_int
            (r = sshpkt_get_end(ssh)) != 0)
                goto out;
        kex->nbits = nbits;
-       kex->min = min;
+       kex->min = min = FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN;
Comment 3 Jakub Jelen 2015-09-08 08:28:13 EDT
Why are you filling bug on RHEL6, when you post a patch for Fedora Rawhide? Do you have FIPS enabled on Fedora or RHEL6? Can you provide example how to reproduce your problem or some verbose logs how to achieve your described behaviour?

Just tested with my installation and I don't see this issue.
Comment 4 kent@nimblestorage.com 2015-09-08 11:19:01 EDT
Sorry, this is the first bug report I've filed. If there's a bug tracking site for Fedora, I'll file the bug there.

I have two old ssh client programs, 4.3p2 and 5.9p2, and both exhibit the problem. What I'm running is basically openssh 7.1p1 with just the FIPS patch applied to it. Enabling FIPS on the server sshd, and not on the client side causes the behavior. If the setting of kex->min is the same in Red Hat as it is in Fedora, then the bug will be there.
Comment 5 kent@nimblestorage.com 2015-09-08 14:26:45 EDT
One further clarification: this happens when the key-exchange selected is one of the variable diffie-hellman choices, namely diffie-hellman-group-exchange-sha256 or diffie-hellman-group-exchange-sha1. The client has to be old enough to not have support for ecdh, or have those turned off. That can be forced by adding:

KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1

to ssh_config. That will also cause the failure to occur even with a newer ssh.
Comment 6 Jakub Jelen 2015-09-11 05:34:58 EDT
Moving to Fedora.

After reading your comments once more and some old commits, I see there was mistake during the rebase to openssh-6.8 which was removing SSH2_MSG_KEX_DH_GEX_REQUEST_OLD compatibility. Your patch is correct and I will update openssh early.

Thanks for the report.
Comment 7 Fedora Update System 2015-09-25 08:52:21 EDT
openssh-7.1p1-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-8774808146
Comment 8 Fedora Update System 2015-09-26 20:55:14 EDT
openssh-7.1p1-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update openssh'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-8774808146
Comment 9 Fedora Update System 2015-10-01 12:01:31 EDT
openssh-7.1p1-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.