[Bug 3351] New: RSA SHA256 certificates no longer work

[bugzilla-daemon at mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=3351

            Bug ID: 3351
           Summary: RSA SHA256 certificates no longer work
           Product: Portable OpenSSH
           Version: 8.8p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: denisenkom at gmail.com

RSA SHA256 certificate authentication stopped working in 8.8.

It looks like RSA SHA256 certificates are identified as
ssh-rsa-cert-v01 at openssh.com instead of as
rsa-sha2-256-cert-v01 at openssh.com and current allow list does not have
ssh-rsa-cert-v01 at openssh.com on it, resulting in rejection of such
certificates by the client.  The root cause seems to be in
misidentification of SHA256 certificates as sh-rsa-cert-v01 at openssh.com
certificates.

Workaround is to add "PubkeyAcceptedKeyTypes
+ssh-rsa-cert-v01 at openssh.com" into client ssh config, but this doesn't
seem right, since certificate is actually SHA256 certificate and should
be allowed by default.

Reproduction steps:

create CA key:
ssh-keygen -t rsa-sha2-256 -f ca_key

create user key:
ssh-keygen -t rsa-sha2-256 -f user_key

sign certificate using SHA256 signature:
ssh-keygen -s ca_key -I "test" -z "123" -V -1w:+54w5d -t rsa-sha2-256
-n user user_key.pub 

copy ca_key.pub to server /etc/ssh/ca_key.pub
Add following line to /etc/sshd_config:
TrustedUserCAKeys /etc/ssh/ca_key.pub

restart sshd: sudo service sshd restart

add test user: sudo useradd user

Back on Client run:
ssh -i user_key user@<server-host>

This fails with: user@<server-host>: Permission denied
(publickey,gssapi-keyex,gssapi-with-mic).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.