Source: openssh
Version: 1:7.4p1-10+deb9u7
Severity: important
Tags: patch

Hi,
openssh 7.4 is affected by a regression which omits rsa-sha2-256 / rsa-sha2-512 from server-sig-algs:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2020-May/038533.html

Stretch will be supported for another ~ two years, so it would be great to get this fixed in the upcoming 9.12 point release. Attached debdiff backports the upstream fix. I'd be happy to coordinate with (old)stable release managers to submit the update for 9.12.

When logging in with openssh-client from unstable to a stretch sshd running on STRETCHSERVER and avoiding ssh-rsa the login fails:
(which presents server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>)

-------
jmm@soju:~$ ssh -o PubkeyAcceptedKeyTypes=-ssh-rsa -vvv STRETCHSERVER |& grep server-sig-algs
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
Password:
-------

With the backported fix:
(which presents server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,
rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
ecdsa-sha2-nistp521,null>)

-------
jmm@soju:~$ ssh -o PubkeyAcceptedKeyTypes=-ssh-rsa STRETCHSERVER
Linux STRETCHSERVER 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u3 (2019-06-16) x86_64
Debian GNU/Linux 9.12 (stretch)
jmm@STRETCHSERVER:~$
-------

Cheers,
Moritz

diff -Nru openssh-7.4p1/debian/changelog openssh-7.4p1/debian/changelog --- openssh-7.4p1/debian/changelog 2019-07-15 13:32:09.000000000 +0000 +++ openssh-7.4p1/debian/changelog 2020-06-04 14:45:31.000000000 +0000 @@ -1,3 +1,10 @@ +openssh (1:7.4p1-10+deb9u8) stretch; urgency=medium + + * Fix regression in 7.4 server-sig-algs, this led to SHA2 RSA + signature methods being excluded + + -- Moritz Muehlenhoff <j...@debian.org> Thu, 04 Jun 2020 14:45:31 +0000 + openssh (1:7.4p1-10+deb9u7) stretch; urgency=medium * Fix deadlock when the keys/principals command produces a lot of diff -Nru openssh-7.4p1/debian/patches/fix-regression-in-server-sig-algs.patch openssh-7.4p1/debian/patches/fix-regression-in-server-sig-algs.patch --- openssh-7.4p1/debian/patches/fix-regression-in-server-sig-algs.patch 1970-01-01 00:00:00.000000000 +0000 +++ openssh-7.4p1/debian/patches/fix-regression-in-server-sig-algs.patch 2020-06-04 14:44:58.000000000 +0000 
@@ -0,0 +1,77 @@ +From 183ba55aaaecca0206184b854ad6155df237adbe Mon Sep 17 00:00:00 2001 +From: "d...@openbsd.org" <d...@openbsd.org> +Date: Fri, 10 Mar 2017 04:07:20 +0000 +Subject: upstream commit + +fix regression in 7.4 server-sig-algs, where we were +accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno +Goncalves; ok dtucker@ + +Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 + +[ backported to 7.4p1 ] + +diff -aur openssh-7.4p1.orig/kex.c openssh-7.4p1/kex.c +--- openssh-7.4p1.orig/kex.c 2020-06-03 15:40:06.000000000 +0200 ++++ openssh-7.4p1/kex.c 2020-06-03 15:54:45.461050249 +0200 +@@ -359,7 +359,7 @@ + int r; + char *algs; + +- if ((algs = sshkey_alg_list(0, 1, ',')) == NULL) ++ if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || + (r = sshpkt_put_u32(ssh, 1)) != 0 || +diff -aur openssh-7.4p1.orig/ssh.c openssh-7.4p1/ssh.c +--- openssh-7.4p1.orig/ssh.c 2020-06-03 15:40:06.000000000 +0200 ++++ openssh-7.4p1/ssh.c 2020-06-03 15:54:45.461050249 +0200 +@@ -684,11 +684,11 @@ + else if (strcmp(optarg, "kex") == 0) + cp = kex_alg_list('\n'); + else if (strcmp(optarg, "key") == 0) +- cp = sshkey_alg_list(0, 0, '\n'); ++ cp = sshkey_alg_list(0, 0, 0, '\n'); + else if (strcmp(optarg, "key-cert") == 0) +- cp = sshkey_alg_list(1, 0, '\n'); ++ cp = sshkey_alg_list(1, 0, 0, '\n'); + else if (strcmp(optarg, "key-plain") == 0) +- cp = sshkey_alg_list(0, 1, '\n'); ++ cp = sshkey_alg_list(0, 1, 0, '\n'); + else if (strcmp(optarg, "protocol-version") == 0) { + #ifdef WITH_SSH1 + cp = xstrdup("1\n2"); +diff -aur openssh-7.4p1.orig/sshkey.c openssh-7.4p1/sshkey.c +--- openssh-7.4p1.orig/sshkey.c 2020-06-03 15:40:06.000000000 +0200 ++++ openssh-7.4p1/sshkey.c 2020-06-03 15:53:51.176514438 +0200 +@@ -196,14 +196,16 @@ + } + + char * +-sshkey_alg_list(int certs_only, int plain_only, char sep) ++sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char 
sep) + { + char *tmp, *ret = NULL; + size_t nlen, rlen = 0; + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { +- if (kt->name == NULL || kt->sigonly || kt->type == KEY_NULL) ++ if (kt->name == NULL) ++ continue; ++ if (!include_sigonly && kt->sigonly) + continue; + if ((certs_only && !kt->cert) || (plain_only && kt->cert)) + continue; +diff -aur openssh-7.4p1.orig/sshkey.h openssh-7.4p1/sshkey.h +--- openssh-7.4p1.orig/sshkey.h 2020-06-03 15:40:06.000000000 +0200 ++++ openssh-7.4p1/sshkey.h 2020-06-03 15:54:45.461050249 +0200 +@@ -157,7 +157,7 @@ + const char *sshkey_ssh_name(const struct sshkey *); + const char *sshkey_ssh_name_plain(const struct sshkey *); + int sshkey_names_valid2(const char *, int); +-char *sshkey_alg_list(int, int, char); ++char *sshkey_alg_list(int, int, int, char); + + int sshkey_from_blob(const u_char *, size_t, struct sshkey **); + int sshkey_fromb(struct sshbuf *, struct sshkey **); diff -Nru openssh-7.4p1/debian/patches/series openssh-7.4p1/debian/patches/series --- openssh-7.4p1/debian/patches/series 2019-07-15 13:31:41.000000000 +0000 +++ openssh-7.4p1/debian/patches/series 2020-06-04 14:45:12.000000000 +0000 @@ -45,3 +45,4 @@ check-filenames-in-scp-client.patch scp-handle-braces.patch fix-deadlock-in-keys-principals-command.patch +fix-regression-in-server-sig-algs.patch
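
Review bot: In the sshkey.c hunk, the rewritten filter in sshkey_alg_list() drops the kt->type == KEY_NULL test that the removed line carried, so the "null" entry is no longer skipped. The report's post-fix output shows the effect: server-sig-algs now ends in ",null". Because the ssh.c callers go through the same function, the key and key-plain listings in the ssh.c hunk would pick up the same entry. Suggest keeping the exclusion next to the name check, for example if (kt->name == NULL || kt->type == KEY_NULL) continue; and leaving the new include_sigonly test as its own condition.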
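
Review bot: In the sshkey.h hunk, the prototype char *sshkey_alg_list(int, int, int, char); now has three adjacent unnamed int flags, and the call sites pass bare literals such as sshkey_alg_list(0, 1, 1, ','), so a swapped argument would compile without warning and change which algorithms are advertised. Suggest naming the parameters in the prototype (certs_only, plain_only, include_sigonly, sep, as in sshkey.c) and adding a short comment at the kex.c call stating that sigonly entries are included on purpose for server-sig-algs.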
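
The manual check in the report (grepping the ssh -vvv output for server-sig-algs) can be scripted to flag servers that still show the regression. This is an added example, not part of the original report or of OpenSSH; the function names are hypothetical and the two sample lines are constructed from the lists quoted in the report.

```shell
#!/bin/sh
# Added example: classify a server by the server-sig-algs list it advertises.
# Feed it client debug output, which ssh writes to stderr, e.g.:
#   ssh -vvv HOST true 2>&1 | check_rsa_sha2

# Print the comma-separated list from the first kex_input_ext_info debug line.
extract_sig_algs() {
    sed -n 's/.*kex_input_ext_info: server-sig-algs=<\(.*\)>.*/\1/p' | head -n 1
}

# Exit status: 0 = rsa-sha2-256 and rsa-sha2-512 both advertised,
#              1 = at least one is missing (the regression in the report),
#              2 = no server-sig-algs extension seen in the input.
check_rsa_sha2() {
    algs=$(extract_sig_algs)
    [ -n "$algs" ] || return 2
    missing=""
    for want in rsa-sha2-256 rsa-sha2-512; do
        # Wrap in commas so only whole list entries match.
        case ",$algs," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
    return 0
}

# Constructed sample input, built from the two lists quoted in the report.
AFFECTED='debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>'
FIXED='debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>'

printf '%s\n' "$AFFECTED" | check_rsa_sha2 || true
printf '%s\n' "$FIXED" | check_rsa_sha2
```

A status of 2 means the input contained no server-sig-algs line at all, which is a different condition from a list that lacks the RSA SHA-2 entries.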