Bug 1828598 - OpenSSH -oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256 broken
Summary: OpenSSH -oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256 broken
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openssh
Version: 7.8
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: rc
Target Release: 7.9
Assignee: Jakub Jelen
QA Contact: Stanislav Zidek
Docs Contact: Jan Fiala
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-04-27 21:17 UTC by Robert Scheck
Modified: 2023-09-07 22:58 UTC (History)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
RSA signatures with SHA-1 cannot be completely disabled in RHEL7
Because the `ssh-rsa` signature algorithm must be allowed in OpenSSH to use the new SHA2 (`rsa-sha2-512`, `rsa-sha2-256`) signatures, you cannot completely disable SHA1 algorithms in RHEL7. To work around this limitation, you can update to RHEL8 or use ECDSA/Ed25519 keys, which use only SHA2.
Clone Of:
Environment:
Last Closed: 2020-05-12 15:19:10 UTC
Target Upstream Version:
Embargoed:



Description Robert Scheck 2020-04-27 21:17:23 UTC
Description of problem:
Appending 'OPTIONS="-oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"' to /etc/sysconfig/sshd breaks OpenSSH as shipped by RHEL 7.8, while it works using RHEL 8.2. According to OpenSSH Release Notes, the RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512 are supported since OpenSSH 7.2 already.

Version-Release number of selected component (if applicable):
openssh-7.4p1-21.el7

How reproducible:
See above and below.

Steps to Reproduce:
1. echo 'OPTIONS="-oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"' >> /etc/sysconfig/sshd
2. systemctl restart sshd.service
3. ssh root@localhost  # Fails with "Connection reset by ::1 port 22"

Actual results:
OpenSSH -oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256 broken

Expected results:
Working -oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256 usage

Comment 2 Robert Scheck 2020-04-27 21:20:48 UTC
Cross-filed case 02640656 at the Red Hat customer portal.

Comment 3 Jakub Jelen 2020-04-28 07:48:11 UTC
Providing the debug log straight away would save me all the struggle of setting up the RHEL7 system. Adding them myself:

Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: Connection from ::1 port 53844 on ::1 port 22
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Local version string SSH-2.0-OpenSSH_7.4
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Enabling compatibility mode for protocol 2.0
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug2: fd 3 setting O_NONBLOCK
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug2: Network child is on pid 1353
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: preauth child monitor started
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: SELinux support enabled [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_selinux_change_context: setting context from 'system_u:system_r:sshd_t:s0-s0:c0.c1023' to 'system_u:system_r:sshd_net_t:s0-s0:c0.c1023' [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: privsep user:group 74:74 [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: permanently_set_uid: 74/74 [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: list_hostkey_types: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: list_hostkey_types: ecdsa-sha2-nistp256 key not permitted by HostkeyAlgorithms [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: list_hostkey_types: ssh-ed25519 key not permitted by HostkeyAlgorithms [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: list_hostkey_types:  [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: fatal: No supported key exchange algorithms [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: do_cleanup [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: mm_request_send entering: type 124 [preauth]
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: monitor_read_log: child log fd closed
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: mm_request_receive entering
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: monitor_read: checking request 124
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: mm_request_receive entering
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: do_cleanup
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: PAM: sshpam_thread_cleanup entering
Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Killing privsep child 1353

This is a known issue of OpenSSH before 7.9: it requires ssh-rsa enabled in order to work with the sha2 extensions. See discussion in [1]. I am not sure if this was already documented somewhere or not, but it is something we will most likely not fix in RHEL7 as it is in maintenance phase and this does not look like it qualifies as a critical security issue.

The solution is to add ssh-rsa to HostKeyAlgorithms (at the end so it is not negotiated by default):

  echo 'OPTIONS="-oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256,ssh-rsa"' >> /etc/sysconfig/sshd

After that, it works as expected. I will have a look if we already have some documentation about this and if not, we will convert it to KBA or known issue.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2746
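The following is an added example, not code from the bug report or from Red Hat: a small POSIX sh lint that flags the misconfiguration described above (rsa-sha2-* listed without ssh-rsa on OpenSSH older than 7.9) and prints the corrected list from comment 3. The function names and the version-string handling are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the bug report. On OpenSSH older than 7.9,
# a HostKeyAlgorithms list that names only rsa-sha2-512/rsa-sha2-256 and
# omits the legacy "ssh-rsa" key type leaves sshd with no permitted host
# key, which is the "No supported key exchange algorithms" failure above.

# has_alg LIST NAME -> 0 if the comma-separated LIST contains NAME exactly
has_alg() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# older_than_7_9 VERSION -> 0 if "major.minor" (e.g. 7.4 or 7.4p1) is below 7.9
older_than_7_9() {
    major=${1%%.*}
    minor=${1#*.}; minor=${minor%%[!0-9]*}
    [ "$major" -lt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -lt 9 ]; }
}

# check_hostkeyalgs LIST VERSION -> 0 if usable, 1 if it triggers this bug
check_hostkeyalgs() {
    algs=$1 version=$2
    if older_than_7_9 "$version" && ! has_alg "$algs" ssh-rsa \
       && { has_alg "$algs" rsa-sha2-512 || has_alg "$algs" rsa-sha2-256; }; then
        echo "WARN: OpenSSH $version must list ssh-rsa to offer rsa-sha2-*" >&2
        return 1
    fi
    return 0
}

# fix_hostkeyalgs LIST -> prints LIST with ssh-rsa appended last, i.e. the
# comment 3 workaround: present so SHA-2 RSA works, last so it is not preferred
fix_hostkeyalgs() {
    if has_alg "$1" ssh-rsa; then
        printf '%s\n' "$1"
    else
        printf '%s,ssh-rsa\n' "$1"
    fi
}

# On a live host, feed in the effective server config and the installed version:
#   check_hostkeyalgs "$(sshd -T | awk '/^hostkeyalgorithms /{print $2}')" \
#       "$(ssh -V 2>&1 | sed 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/')"
```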

Comment 7 Jakub Jelen 2020-05-12 15:19:10 UTC
Based on the further investigation, the backport is really not straightforward and requires a lot of changes (1000+ lines), making the change risky.

The preferred solution to move away from RSA-SHA1 signatures in SSH is to update to RHEL8. If this is not possible for some reason, customers can switch to EC keys of their choice (ECDSA/Ed25519), which use SHA2 out of the box.

