Host certificates signed with ed25519 fails with old clients
Jakub Jelen
jjelen at redhat.com
Tue May 16 21:20:29 AEST 2017
Hello all,
recently Fedora infrastructure deployed OpenSSH RSA certificates signed
with ed25519 CA on server with GIT repositories and we encounter
problems when connecting from old clients (openssh-5.3p1 + certificates)
as described in the following bug [1].
There is a known workaround (using only the raw key) and after reading
some more code around the key exchange and certificates specification, I
don't see a simple way how to prevent it
* the client does not know what CA key will be used
* the server can not select raw RSA (different than would be selected
by client)
The question is, can/should be the ED25519 keys be used for CA? The
specification (The line 196 [2]) does not list them or is outdated. If
it is a bug, can this be fixed? If it is intended, how to prevent using
ED25519 keys as CA?
Also reading through the gssgex code I noticed duplicate conditions on
lines 168 and 172 [3]. Can this be fixed too?
Any more ideas to the current problem?
Attached patches to the minor issues, but not resolving the original
problem.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1450609
[2]
https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L196
[3] https://github.com/openssh/openssh-portable/blob/master/kexgexc.c#L172
Thanks,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-certkeys.patch
Type: text/x-patch
Size: 1277 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20170516/8785d199/attachment.bin>
More information about the openssh-unix-dev
mailing list