Server accepts key: pkalg rsa-sha2-512 vs ssh-rsa

Jakub Jelen jjelen at redhat.com
Mon Jan 30 20:58:01 AEDT 2017


On 01/26/2017 09:01 PM, Nuno Gonçalves wrote:
> Hi,
>
> I'm doing some tests with a pkcs11 token that can only sign short messages.
>
> When connecting to one server, that reports pkalg rsa-sha2-512 blen
> 151, it fails to sign the pubkey because it is 83 bytes long. (sshd:
> OpenSSH_7.3p1)
>
> An older server that reports pkalg ssh-rsa blen 151, works perfectly as
> the pubkey signature required is only 35 bytes long. (sshd:
> OpenSSH_6.7p1)
>
> I am not sure where this pkalg fits in the process, and all my
> attempts to downgrade the algorithm have failed. Even looking at
> identity_sign_encode at sshconnect2.c, doesn't help me at all, as
> ssh-rsa is not one option.
>
> So very simply, was this deprecated completely, does the new
> implementation not allow the client to downgrade it, or is there any
> option for it?
>
> Thanks,
> Nuno

This is part of the deprecation of SHA1 for signatures, which were hardcoded 
into the core RFCs. The different hashes were introduced in OpenSSH 7.2 
[1] and are negotiated using the protocol extension. I don't think there 
are configuration options to control this behavior, but the new 
algorithms have higher priority for new OpenSSH versions.

[1] http://www.openssh.com/txt/release-7.2

Regards,

-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
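
The 83- and 35-byte sizes reported in the quoted message match the length of the PKCS#1 v1.5 DigestInfo structure for SHA-512 and SHA-1. The sketch below is an added example, not part of the original message or of OpenSSH; it assumes the token is handed the DigestInfo to sign, and the sample data and function names are constructed for illustration.

```python
import hashlib

# SSH signature algorithm name -> (hashlib name, hash OID arcs)
SIG_ALGS = {
    "ssh-rsa":      ("sha1",   (1, 3, 14, 3, 2, 26)),
    "rsa-sha2-256": ("sha256", (2, 16, 840, 1, 101, 3, 4, 2, 1)),
    "rsa-sha2-512": ("sha512", (2, 16, 840, 1, 101, 3, 4, 2, 3)),
}

def der_tlv(tag: int, value: bytes) -> bytes:
    """DER tag-length-value; short-form length only (values < 128 bytes)."""
    if len(value) >= 0x80:
        raise ValueError("long-form DER length not needed for DigestInfo")
    return bytes([tag, len(value)]) + value

def der_oid(arcs) -> bytes:
    """Encode an OBJECT IDENTIFIER: first two arcs packed, rest base-128."""
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der_tlv(0x06, bytes(body))

def digest_info(sig_alg: str, data: bytes) -> bytes:
    """SEQUENCE { AlgorithmIdentifier { OID, NULL }, OCTET STRING digest }."""
    hash_name, oid = SIG_ALGS[sig_alg]
    alg_id = der_tlv(0x30, der_oid(oid) + der_tlv(0x05, b""))
    digest = hashlib.new(hash_name, data).digest()
    return der_tlv(0x30, alg_id + der_tlv(0x04, digest))

def token_input_lengths(data: bytes) -> dict:
    """Bytes the token must accept for each signature algorithm."""
    return {name: len(digest_info(name, data)) for name in SIG_ALGS}

if __name__ == "__main__":
    # Constructed stand-in for the userauth data that gets signed.
    sample = b"constructed stand-in for the userauth data to be signed"
    for name, length in token_input_lengths(sample).items():
        print(f"{name:13s} DigestInfo is {length} bytes")
```

The length depends only on the hash algorithm, not on the data being signed, so a token limited to short inputs will fail on every rsa-sha2-512 signature request.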



More information about the openssh-unix-dev mailing list