[
https://issues.apache.org/jira/browse/SSHD-1216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ben Humphreys updated SSHD-1216:
--------------------------------
Description:
In the recently released https://www.openssh.com/txt/release-8.8 for RSA keys
the public key signature algorithm that depends on SHA-1 has been disabled by
default:
{quote}This release disables RSA signatures using the SHA-1 hash algorithm 2by
default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix 4hash
collisions for <USD$50K [1]
{quote}
As a result OpenSSH 8.8 clients are unable to authenticate with Mina SSHD
servers with RSA based keys (it is however possible to reenable ssh-rsa).
OpenSSH since 7.2 does however support RFC 8332 RSA/SHA-256/512 signatures,
indeed the release notes go on to say:
{quote}
For most users, this change should be invisible and there is no need to replace
ssh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures since
release 7.2 and existing ssh-rsa keys will automatically use the stronger
algorithm where possible.
{quote}
It appears Mina SSHD partly implements support for RFC 8332, indeed the client
code appears to support it (see SSHD-1141). However the server appears to lack
full support because it doesn't full implement the"server-sig-algs" extension.
The basic framework for supporting this seems to be present, specifically
{{AbstractKexFactoryManager.setKexExtensionHandler()}} could perhaps permit
such a "server-sig-algs" extension.
was:
In the recently released OpenSSH 8.8 for RSA keys the public key signature
algorithm that depends on SHA-1 has been disabled by default:
{quote}This release disables RSA signatures using the SHA-1 hash algorithm 2by
default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix 4hash
collisions for <USD$50K [1]
{quote}
As a result OpenSSH 8.8 clients are unable to authenticate with Mina SSHD
servers with RSA based keys (it is however possible to reenable ssh-rsa).
OpenSSH since 7.2 does however support RFC 8332 RSA/SHA-256/512 signatures.
It appears Mina SSHD partly implements support for RFC 8332, indeed the client
code appears to support it (see SSHD-1141). However the server appears to lack
full support because it doesn't full implement the"server-sig-algs" extension.
The basic framework for supporting this seems to be present, specifically
{{AbstractKexFactoryManager.setKexExtensionHandler()}} could perhaps permit
such a "server-sig-algs" extension.
> Implement RFC 8332 server-sig-algs on the server
> ------------------------------------------------
>
> Key: SSHD-1216
> URL: https://issues.apache.org/jira/browse/SSHD-1216
> Project: MINA SSHD
> Issue Type: Improvement
> Reporter: Ben Humphreys
> Priority: Major
>
> In the recently released https://www.openssh.com/txt/release-8.8 for RSA keys
> the public key signature algorithm that depends on SHA-1 has been disabled by
> default:
> {quote}This release disables RSA signatures using the SHA-1 hash algorithm
> 2by default. This change has been made as the SHA-1 hash algorithm is
> cryptographically broken, and it is possible to create chosen-prefix 4hash
> collisions for <USD$50K [1]
> {quote}
> As a result OpenSSH 8.8 clients are unable to authenticate with Mina SSHD
> servers with RSA based keys (it is however possible to reenable ssh-rsa).
> OpenSSH since 7.2 does however support RFC 8332 RSA/SHA-256/512 signatures,
> indeed the release notes go on to say:
> {quote}
> For most users, this change should be invisible and there is no need to
> replace ssh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512
> signatures since release 7.2 and existing ssh-rsa keys will automatically use
> the stronger algorithm where possible.
> {quote}
> It appears Mina SSHD partly implements support for RFC 8332, indeed the
> client code appears to support it (see SSHD-1141). However the server appears
> to lack full support because it doesn't full implement the"server-sig-algs"
> extension.
> The basic framework for supporting this seems to be present, specifically
> {{AbstractKexFactoryManager.setKexExtensionHandler()}} could perhaps permit
> such a "server-sig-algs" extension.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
