[
https://issues.apache.org/jira/browse/SSHD-1141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17306461#comment-17306461
]
Thomas Wolf commented on SSHD-1141:
-----------------------------------
There's another problem. With Github, I observe the following with an Apache
MINA sshd client including this change:
1. Client sends ext-info-c
2. Server sends server-sig-algs, which includes rsa-sha2-512, rsa-sha2-256, ssh-rsa
3. Client is configured to use an RSA key
4. Client sends SSH_MSG_USERAUTH_REQUEST type=rsa-sha2-512
5. Server replies with SSH_MSG_USERAUTH_PK_OK type=ssh-rsa
6. Client sends SSH_MSG_USERAUTH_REQUEST signed with ssh-rsa
Oops. Arguably (5) is wrong, Github should have replied SSH_MSG_USERAUTH_PK_OK
type=rsa-sha2-512?? See [RFC 4252|https://tools.ietf.org/html/rfc4252#page-9]:
the server should have replied with the "public key algorithm name from the
request", but it replies with the public key _type_? The Github SSH server
identifies as "SSH-2.0-babeld-383743ad".
However: in {{UserAuthPublicKey.processAuthDataRequest()}}, the client uses the
returned key type as algorithm. So it signs with ssh-rsa, not with
rsa-sha2-512. Should the client do that?
> Implement server-sig-algs
> -------------------------
>
> Key: SSHD-1141
> URL: https://issues.apache.org/jira/browse/SSHD-1141
> Project: MINA SSHD
> Issue Type: Improvement
> Reporter: Ian Wienand
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Mina sshd should implement server-sig-algs to report signature algorithms.
> Without the daemon sending server-sig-algs, clients fall back to ssh-rsa per
> RFC8332
> {quote}When authenticating with an RSA key against a server that does not
> implement the "server-sig-algs" extension, clients MAY default to an
> "ssh-rsa" signature to avoid authentication penalties.
> {quote}
> Some distributions, notably Fedora 33, have set default system policy to
> disallow insecure algorithms such as ssh-rsa. They thus can not find a
> suitable signature algorithm and fail to log in. Quite a high level of
> knowledge is required to override the default system cryptography policy, and
> it can be quite confusing because the user's ssh-key works in many other
> contexts (against openssh servers, etc.). For full details see discussion in
> SSHD-1118.
> For example, connecting to a recent openssh server I see something like
> {quote}debug1: kex_input_ext_info:
> server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected]>
> {quote}
> I believe that Mina SSHD does support these more secure signature algorithms,
> but because they aren't reported the client won't use them.
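The exchange described in the comment above, as an added Java example that is not MINA SSHD code: it picks the algorithm from server-sig-algs, then decides what to sign with once SSH_MSG_USERAUTH_PK_OK arrives. The class, its method names and the policy of keeping the requested algorithm when the server echoes only the key type are assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;

public class PkOkAlgorithmCheck {
    // Key type -> signature algorithms usable with it, strongest first (RSA names per RFC 8332).
    static final Map<String, List<String>> SIG_ALGS_BY_KEY_TYPE = Map.of(
            "ssh-rsa", List.of("rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"),
            "ssh-ed25519", List.of("ssh-ed25519"));

    /** Pick the first algorithm for this key type that the server listed in server-sig-algs. */
    static String choose(String keyType, List<String> serverSigAlgs) {
        for (String alg : SIG_ALGS_BY_KEY_TYPE.getOrDefault(keyType, List.of())) {
            if (serverSigAlgs.contains(alg)) {
                return alg;
            }
        }
        throw new IllegalStateException("no common signature algorithm for " + keyType);
    }

    /** Decide which algorithm to sign with after SSH_MSG_USERAUTH_PK_OK (assumed policy). */
    static String algorithmToSign(String keyType, String requested, String pkOkName) {
        if (pkOkName.equals(requested)) {
            return requested; // server echoed the name from the request, as RFC 4252 describes
        }
        // Server echoed the key type instead: keep the requested algorithm rather than
        // silently falling back to the SHA-1 based ssh-rsa signature.
        boolean sameFamily = SIG_ALGS_BY_KEY_TYPE.getOrDefault(keyType, List.of()).contains(requested);
        if (pkOkName.equals(keyType) && sameFamily) {
            return requested;
        }
        throw new IllegalStateException("PK_OK names a different algorithm: " + pkOkName);
    }

    public static void main(String[] args) {
        // server-sig-algs values as listed in step 2 of the comment
        List<String> serverSigAlgs = List.of("rsa-sha2-512", "rsa-sha2-256", "ssh-rsa");
        String requested = choose("ssh-rsa", serverSigAlgs);
        System.out.println("requested:            " + requested);
        // Step 5 of the comment: PK_OK carries the key type rather than the requested name
        System.out.println("PK_OK ssh-rsa      -> " + algorithmToSign("ssh-rsa", requested, "ssh-rsa"));
        // A server that echoes the requested algorithm name
        System.out.println("PK_OK rsa-sha2-512 -> " + algorithmToSign("ssh-rsa", requested, "rsa-sha2-512"));
    }
}
```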