[Bug 3157] New: known_hosts @cert-authority with legacy plain key entry drops incorrect set of HostKeyAlgorithms

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon May 4 06:50:04 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3157

            Bug ID: 3157
           Summary: known_hosts @cert-authority with legacy plain key
                    entry drops incorrect set of HostKeyAlgorithms
           Product: Portable OpenSSH
           Version: 8.1p1
          Hardware: All
                OS: Mac OS X
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: paullkapp at gmail.com

Adding a @cert-authority entry into authorized_keys in conjunction with
a "plain" key entry results in the client requesting only host
certificates of the type of the plain key, not the comprehensive list
of certificate types.

Use case: A legacy RSA host key entry in known_hosts, and adding a
@cert-authority entry for a new ed25519 CA. Because the CA can sign
**any** key type, the client should include all certificate types in
the protocol exchange request.

What winds up happening: the plain RSA entry causes the client to only
request keys (and certificates) of the type RSA (and derivatives):

debug3: order_hostkeyalgs: prefer hostkeyalgs:
rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa

When the RSA key is removed from the remote host, the hostkey
verification fails, even though a valid (non-RSA) host certificate
could have been sent to the client.

Expected behavior: If the client has a @cert-authority entry in
known_hosts, all certificate types should be requested from the
server.
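A small Python model of the preference ordering the report describes, added here as an illustration; it is not OpenSSH's own order_hostkeyalgs() code, and the known_hosts contents, host names and algorithm subset are constructed for the example. honour_ca=False reproduces the quoted debug ordering, honour_ca=True the expected behaviour.

```python
import fnmatch

# Constructed known_hosts: a legacy plain RSA entry plus an ed25519 CA entry.
KNOWN_HOSTS = """\
server.example.com ssh-rsa AAAAB3NzaC1yc2E_constructed_not_a_real_key
@cert-authority *.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5_constructed
"""
# Signature algorithms derived from each known_hosts key type (a subset).
PLAIN_ALGS = {"ssh-ed25519": ["ssh-ed25519"],
              "ecdsa-sha2-nistp256": ["ecdsa-sha2-nistp256"],
              "ssh-rsa": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]}


def cert_of(alg):
    """Certificate algorithm name for a plain signature algorithm."""
    return alg + "-cert-v01@openssh.com"


ALL_CERT_ALGS = [cert_of(a) for algs in PLAIN_ALGS.values() for a in algs]


def matching_entries(known_hosts, host):
    """(plain key types, CA seen) for entries matching host; hashed |1| and ! patterns unmodelled."""
    plain, has_ca = [], False
    for line in known_hosts.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Optional leading marker: @cert-authority or @revoked.
        marker, fields = (fields[0], fields[1:]) if fields[0][0] == "@" else (None, fields)
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue
        patterns, keytype = fields[0].split(","), fields[1]
        if not any(fnmatch.fnmatchcase(host, p) for p in patterns):
            continue
        if marker == "@cert-authority":
            has_ca = True
        elif marker is None and keytype not in plain:
            plain.append(keytype)
    return plain, has_ca


def preferred_hostkeyalgs(known_hosts, host, honour_ca=False):
    """Algorithms moved to the front of HostKeyAlgorithms for host. With
    honour_ca=True a matching CA entry puts every certificate algorithm first."""
    plain, has_ca = matching_entries(known_hosts, host)
    preferred = []
    for keytype in plain:
        algs = PLAIN_ALGS.get(keytype, [])
        preferred += [cert_of(a) for a in algs] + algs
    if honour_ca and has_ca:
        preferred = ALL_CERT_ALGS + [a for a in preferred if a not in ALL_CERT_ALGS]
    return preferred
```

For a host matched only by the CA entry (no plain key on record) the reported ordering prefers nothing, while the expected ordering still puts all certificate algorithms first.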
