RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1623929 - OpenSSH server reports incomplete server-sig-algs list in SHA2 extension
Summary: OpenSSH server reports incomplete server-sig-algs list in SHA2 extension
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openssh
Version: 7.6
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Jelen
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-08-30 13:22 UTC by Jakub Jelen
Modified: 2019-02-11 15:39 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-02-11 15:39:06 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Jakub Jelen 2018-08-30 13:22:47 UTC
Description of problem:
The OpenSSH server in RHEL7.6 does not send complete list of signature algorithms in SHA2 extension.

debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>

This causes failures if the client is on OpenSSH 7.8p1+ (Fedora 28+) and for some reason disabled the rsa-sha2-* public key algorithms with PubkeyAcceptedKeyTypes configuration option.

The correct list should look like this:

debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>

This does not affect any other key types at this moment.

Version-Release number of selected component (if applicable):
openssh-7.4p1-16

How reproducible:
specific configuration

Steps to Reproduce:
1. Install OpenSSH 7.8p1 (Fedora 28+)
2. Configure pubkey authentication using RSA key with remote server example.com
3. ssh -vvv -o PubkeyAcceptedKeyTypes=ssh-rsa example.com

Actual results:

debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:I1XXiJ/wkXC6Vn8ohZVHcJTCCKoPKm4mL8qtjtyNMhw /home/lslebodn/.ssh/id_rsa
debug1: send_pubkey_test: no mutual signature algorithm

Expected results:

The authentication should proceed using ssh-rsa algorithm.

Additional info:
This is a change in OpenSSH 7.8 that it is getting more strict about handling this extension. Unfortunately we carry broken version in RHEL7, which is not sending complete list of algorithms.

Workaround:
In client, list also the SHA2 extension algorithms:

PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512

If you need to adjust this list, rather use the + sign.


Thanks lslebodn for reporting this issue to me.

Comment 2 Christoph Sievers 2018-09-04 16:46:16 UTC
Hi,

client fedora 28 with openssh-7.8p1-2.fc28.x86_64

using a ssh-rsa-cert-v01 client certificate

> debug1: Offering public key: RSA-CERT > SHA256:xxx /home/c/.ssh/id_rsa-cert.pub
> debug1: send_pubkey_test: no mutual signature algorithm

The proposed workaround does not seem to work (Even if adding the cert type)

> PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-rsa-cert-v01

Comment 3 Jakub Jelen 2018-09-04 17:33:06 UTC
If you want to use certificates, you need to list also the SHA2 variants of certificates:

rsa-sha2-256-cert-v01,rsa-sha2-512-cert-v01

Not sure if this is somewhere documented, but is should do the job.

Comment 4 Christoph Sievers 2018-09-05 11:07:44 UTC
Hi,

i tried

PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01,rsa-sha2-512-cert-v01,ssh-rsa-cert-v01

but still

debug1: send_pubkey_test: no mutual signature algorithm

Comment 5 Jakub Jelen 2018-09-05 11:36:43 UTC
Please, open a customer case if you have this issue with your RHEL installation. 

https://access.redhat.com/

This will really need a fix in RHEL7 since the new OpenSSH checks the signature algorithms against the hardcoded list there, which is wrong.

Comment 6 Etienne CHAMPETIER 2018-09-06 17:21:31 UTC
Hi all,

Even if the CA is an RSA key, you can sign ECDSA or ED25519 keys so you get ECDSA/ED25519 certs which allow you to work around the issue without changing anything server-side

Exemple cert:
$ ssh-keygen -Lf ~/.ssh/id_ed25519-cert.pub
~/.ssh/id_ed25519-cert.pub:
        Type: ssh-ed25519-cert-v01 user certificate
        Public key: ED25519-CERT SHA256:<...>
        Signing CA: RSA SHA256:<...>
        Key ID: "..."

Comment 7 Christoph Sievers 2018-10-31 12:17:01 UTC
I think something happend within openssh 7.9 if my interpretation of this is correct: https://www.spinics.net/lists/openssh-unix-dev/msg05371.html

Comment 8 Jakub Jelen 2018-10-31 12:55:48 UTC
Indeed, there is fix [1] in latest OpenSSH 7.9p1 so updating the clients to the latest version should resolve the issue. But it does not change that there is a bug in RHEL7 too.

[1] https://github.com/openssh/openssh-portable/commit/1a4a9cf8

Comment 9 Simo Sorce 2019-02-11 15:39:06 UTC
This issue was not selected to be included either in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small amount of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.


Note You need to log in before you can comment on or make changes to this bug.