2070113 – pam_ssh_agent_auth signature request fails

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2070113 - pam_ssh_agent_auth signature request fails

Summary: pam_ssh_agent_auth signature request fails

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	openssh
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Dmitry Belyavskiy
QA Contact:	Stanislav Zidek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-03-30 12:38 UTC by Stanislav Zidek
Modified:	2022-11-16 10:21 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-11-15 11:21:44 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Prevent potential downgrade attack (1.76 KB, patch) 2022-11-15 20:25 UTC, Paul Donohue	no flags	Details \| Diff
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	CRYPTO-7280	None	None	None	2022-05-20 17:18:26 UTC
Red Hat Issue Tracker	RHELPLAN-117333	None	None	None	2022-03-30 12:47:24 UTC
Red Hat Product Errata	RHBA-2022:8375	None	None	None	2022-11-15 11:21:59 UTC

Description Stanislav Zidek 2022-03-30 12:38:36 UTC

Description of problem:
I am not able to  ssh-agent / pam_ssh_agent_auth. Reproducible by /CoreOS/openssh/Sanity/pam_ssh_agent_auth . I am suspecting this is related to SHA-1 disablement, because things work fine with LEGACY crypto policy.

Version-Release number of selected component (if applicable):
openssh-8.7p1-8.el9

How reproducible:
always

Steps to Reproduce:
... see the test

Actual results:
:: [ 13:56:08 ] :: [  BEGIN   ] :: Running 'su testuser11049 -c 'eval `ssh-agent`; ssh-add ~/.ssh/my_id_rsa; sudo id; ssh-agent -k''
Agent pid 59937
Identity added: /home/testuser11049/.ssh/my_id_rsa (testuser11049.pnr.lab.eng.rdu2.redhat.com)

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 59937 killed;
:: [ 13:56:08 ] :: [   PASS   ] :: Command 'su testuser11049 -c 'eval `ssh-agent`; ssh-add ~/.ssh/my_id_rsa; sudo id; ssh-agent -k'' (Expected 0, got 0)
:: [ 13:56:08 ] :: [   FAIL   ] :: File '/var/tmp/rlRun_LOG.LGTLJGZu' should contain 'uid=0(root) gid=0(root)' 

Expected results:
works

Additional info:

su[15131]: (to testuser5192) root on none
su[15131]: pam_unix(su:session): session opened for user testuser5192(uid=1000) by (uid=0)
sudo[15138]: Failed Authentication: `testuser5192' as `testuser5192' using /etc/security/authorized_keys 
sudo[15138]: pam_unix(sudo:auth): conversation failed
sudo[15138]: pam_unix(sudo:auth): auth could not identify password for [testuser5192]
su[15131]: pam_unix(su:session): session closed for user testuser5192
su[15191]: (to testuser5192) root on none
su[15191]: pam_unix(su:session): session opened for user testuser5192(uid=1000) by (uid=0)
sudo[15200]: matching key found: file/command /etc/security/authorized_keys, line 1
sudo[15200]: Found matching RSA key: SHA256:ab6OqE5pMEvT65H3d6andda5GrGRcKHdpGguQbRq9sw
ssh-agent[15198]: error: process_sign_request2: sshkey_sign: error in libcrypto
sudo[15200]: Failed Authentication: `testuser5192' as `testuser5192' using /etc/security/authorized_keys 
sudo[15200]: pam_unix(sudo:auth): conversation failed
sudo[15200]: pam_unix(sudo:auth): auth could not identify password for [testuser5192]
su[15191]: pam_unix(su:session): session closed for user testuser5192

Comment 8 errata-xmlrpc 2022-11-15 11:21:44 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (openssh bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8375

Comment 9 Paul Donohue 2022-11-15 20:24:51 UTC

On systems with the LEGACY crypto policy enabled, the fix for this bug introduces a potential downgrade attack (pam_ssh_agent_auth requests a rsa-sha2-256 signature, but doesn't verify that it gets a rsa-sha2-256 signature).

The attached patch fixes it so that pam_ssh_agent_auth verifies that it gets the requested signature type.

Also, given that pam_ssh_agent_auth signature algorithm can't be configured by the user (without recompiling), is there any reason not to use rsa-sha2-512 instead of rsa-sha2-256 as the default?

@dbelyavs

Comment 10 Paul Donohue 2022-11-15 20:25:57 UTC

Created attachment 1924536 [details]
Prevent potential downgrade attack

Comment 11 Dmitry Belyavskiy 2022-11-16 10:21:31 UTC

I'm not sure it's necessary. Switching to LEGACY cp, you explicitly agree to use SHA1 for your purposes so we don't create extra possibilities for downgrade attack.

Note You need to log in before you can comment on or make changes to this bug.