[Bug 2799] New: RSA Signatures using SHA2 provided by different ssh-agent are not properly verified
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Nov 10 18:19:25 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2799
Bug ID: 2799
Summary: RSA Signatures using SHA2 provided by different
ssh-agent are not properly verified
Product: Portable OpenSSH
Version: 7.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Problem:
The SSH2 protocol has the keytype/signature algorithm written in two
places that are not checked against each other, when the signature
comes from software talking ssh-agent protocol, but ignoring the SHA2
signature flags.
>From RFC4252, Section 7 [1], the message SSH_MSG_USERAUTH_REQUEST has a
field "public key algorithm name", which is what is reported in all the
logs as used.
RFC4253, Section 6.6 [2] talks about the format of signature, which is
again the "signature format identifier" and then the signature blob.
Steps to reproduce:
1. Apply the patch [3] to the server
2. Try to connect to this server with a signature provided by either
old ssh-agent (before openssh-7.2), gnome-keyring or pageant.
Current result:
Server debug logs contain, where hash_alg=1 is SSH_DIGEST_SHA1 in
master:
debug1: Verifying signature with ktype=ssh-rsa and hash_alg=1
debug2: userauth_pubkey: authenticated 1 pkalg rsa-sha2-512
All the other logs talk about SHA2 signature.
Expected result:
Either failure because of inconsistent signature or client adjusting
the signature algorithm and honestly logging ssh-rsa algorithm instead
the SHA2 one.
Filled based on my longer report on the mailing list yesterday [4] with
more possible options how to resolve this issue.
Feel free to ask if you would need some clarification.
[1] https://tools.ietf.org/html/rfc4252#section-7
[2] https://tools.ietf.org/html/rfc4253#section-6.6
[3] https://gist.github.com/Jakuje/b1f7161d89472c4b6a3e2024675b0b46
[4]
https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-November/036443.html
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list