[Bug 2799] RSA Signatures using SHA2 provided by different ssh-agent are not properly verified

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun Mar 18 17:18:44 AEDT 2018


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
   Attachment #3090|0                           |1
        is obsolete|                            |
   Attachment #3104|0                           |1
        is obsolete|                            |

--- Comment #8 from Damien Miller <djm at mindrot.org> ---
Created attachment 3135
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3135&action=edit
Stricter RSA key type checking

This diff does a few things that aren't easily separable into
individual diffs.

1. Makes ssh retry to the sign_and_send_pubkey() operation when
ssh-agent returns a signature with an incorrect type. This ensures that
the pktype in the USERAUTH_REQUEST matches that of the signature.

2. Makes PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes match the
pktype in USERAUTH_REQUEST rather than the type of the embedded key.
This allows these options to be effectively used to ban ssh-rsa but
leave rsa-sha2-* enabled.

3. Add new RSA certificate types that that can be used in the above
options and on the wire to require the use of RSA/SHA2 signatures.

4. More strictly check the pkalg field from USERAUTH_REQUEST packets
against the type in the signature.

5. Because current OpenSSH is lax wrt RSA signature type correctness in
the presence of agents that don't support the new signature types, add
a compat flag to relax some of the new strictness.

Unfortunately, this isn't likely to make the 7.7 release :(

You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list