[Bug 2799] New: RSA Signatures using SHA2 provided by different ssh-agent are not properly verified

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Nov 10 18:19:25 AEDT 2017 

https://bugzilla.mindrot.org/show_bug.cgi?id=2799

            Bug ID: 2799
           Summary: RSA Signatures using SHA2 provided by different
                    ssh-agent are not properly verified
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Problem:

The SSH2 protocol has the keytype/signature algorithm written in two
places that are not checked against each other, when the signature
comes from software talking ssh-agent protocol, but ignoring the SHA2
signature flags.

>From RFC4252, Section 7 [1], the message SSH_MSG_USERAUTH_REQUEST has a
field "public key algorithm name", which is what is reported in all the
logs as used.

RFC4253, Section 6.6 [2] talks about the format of signature, which is
again the "signature format identifier" and then the signature blob.

Steps to reproduce:

1. Apply the patch [3] to the server
2. Try to connect to this server with a signature provided by either
old ssh-agent (before openssh-7.2), gnome-keyring or pageant.

Current result:
Server debug logs contain, where hash_alg=1 is SSH_DIGEST_SHA1 in
master:

debug1: Verifying signature with ktype=ssh-rsa and hash_alg=1
debug2: userauth_pubkey: authenticated 1 pkalg rsa-sha2-512

All the other logs talk about SHA2 signature.

Expected result:
Either failure because of inconsistent signature or client adjusting
the signature algorithm and honestly logging ssh-rsa algorithm instead
the SHA2 one.

Filled based on my longer report on the mailing list yesterday [4] with
more possible options how to resolve this issue.

Feel free to ask if you would need some clarification.

[1] https://tools.ietf.org/html/rfc4252#section-7
[2] https://tools.ietf.org/html/rfc4253#section-6.6
[3] https://gist.github.com/Jakuje/b1f7161d89472c4b6a3e2024675b0b46
[4]
https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-November/036443.html

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list