Description of problem: Appending 'OPTIONS="-oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"' to /etc/sysconfig/sshd breaks OpenSSH as shipped by RHEL 7.8, while it works using RHEL 8.2. According to OpenSSH Release Notes, the RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512 are supported since OpenSSH 7.2 already. Version-Release number of selected component (if applicable): openssh-7.4p1-21.el7 How reproducible: See above and below. Steps to Reproduce: 1. echo 'OPTIONS="-oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"' >> /etc/sysconfig/sshd 2. systemctl restart sshd.service 3. ssh root@localhost # Fails with "Connection reset by ::1 port 22" Actual results: OpenSSH -oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256 broken Expected results: Working -oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256 usage
Cross-filed case 02640656 at the Red Hat customer portal.
Providing the debug log straight away would save me all the struggle of setting up the RHEL7 system. Adding them myself: Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: Connection from ::1 port 53844 on ::1 port 22 Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4 Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000 Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Local version string SSH-2.0-OpenSSH_7.4 Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Enabling compatibility mode for protocol 2.0 Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug2: fd 3 setting O_NONBLOCK Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug2: Network child is on pid 1353 Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: preauth child monitor started Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: SELinux support enabled [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_selinux_change_context: setting context from 'system_u:system_r:sshd_t:s0-s0:c0.c1023' to 'system_u:system_r:sshd_net_t:s0-s0:c0.c1023' [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: privsep user:group 74:74 [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: permanently_set_uid: 74/74 [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: list_hostkey_types: ssh-rsa key not permitted by HostkeyAlgorithms [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: list_hostkey_types: ecdsa-sha2-nistp256 key not permitted by HostkeyAlgorithms [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: list_hostkey_types: ssh-ed25519 key not permitted by HostkeyAlgorithms [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: list_hostkey_types: [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: fatal: No supported key exchange algorithms [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: do_cleanup [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: PAM: sshpam_thread_cleanup entering [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: mm_request_send entering: type 124 [preauth] Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: monitor_read_log: child log fd closed Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: mm_request_receive entering Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: monitor_read: checking request 124 Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: mm_request_receive entering Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: do_cleanup Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug3: PAM: sshpam_thread_cleanup entering Apr 28 06:59:57 RHEL-7-9-20200407-0 sshd[1352]: debug1: Killing privsep child 1353 This is a know issue of OpenSSH before 7.9, that it requires ssh-rsa enabled in order to work with the sha2 extensions. See discussion in [1]. I am not sure if this was already documented somewhere or not, but it is something we will most likely not fix in RHEL7 as it is in maintenance phase and this does not look like qualifying for critical security issue. Solution is to add ssh-rsa to the hostkeyalgorithms (to the end so it is not negotiated by default): echo 'OPTIONS="-oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256,ssh-rsa"' >> /etc/sysconfig/sshd After that, it works as expected. I will have a look if we already have some documentation about this and if not, we will convert it to KBA or known issue. [1] https://bugzilla.mindrot.org/show_bug.cgi?id=2746
Based on the further investigation, the backport is really not straight-forward and requires a lot of changes (1000+ lines) making the change risky. The preferred solution to move away from RSA-SHA1 signatures in SSH is to update to RHEL8. If this is not possible for some reason, customers can switch to use EC keys of their choice (ECDSA/Ed25519), which are using SHA2 out of the box.