[Bug 3213] New: openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Sep 27 01:14:12 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3213

            Bug ID: 3213
           Summary: openssh 8.3p1 will not use any type of RSA key for
                    legacy servers if ssh-rsa is not in
                    PubkeyAcceptedKeyTypes
           Product: Portable OpenSSH
           Version: 8.3p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: gordon.messmer at gmail.com

Created attachment 3446
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3446&action=edit
return correct key type name when connected to openssh server < 7.8

I could be wrong about all of the following, so let me just prefix
everything with, "To the best of my understanding:"

In OpenSSH 7.8, the semantics of PubkeyAcceptedKeyTypes was changed,
and older servers were marked with SSH_BUG_SIGTYPE.  For older servers,
ssh->kex->server_sig_algs appears to store a list of key types the
server supports, while on newer servers it stores a list of RSA
signature types that are supported.

sshconnect2.c:key_sig_algorithm will return a copy of the name of an
SSH key's type.  For everything except RSA keys, it will filter the
key's type against options.pubkey_key_types, but that doesn't make much
sense, because the key has already been verified to be a permitted type
by sshconnect2.c:pubkey_prepare.  (I haven't gone into the history, but
I'm guessing that this code used to filter against
ssh->kex->server_sig_algs instead.)

In other words, the private key type has already been checked against
the local security policy before key_sig_algorithm is called, so
key_sig_algorithm shouldn't be acting as a filter.  It should be
finding the correct name to refer to the client's key type.

I'd suggest dropping the call to match_list, and instead simply return
sshkey_ssh_name(key) for all non-RSA key types, and for RSA key types
when connecting to a legacy server with SSH_BUG_SIGTYPE set.

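The selection logic the report describes, as an added worked model that is not OpenSSH's code and not the attached patch: a policy gate modeled on the pubkey_prepare check, followed by signature-algorithm naming in both the current form (re-filtering the key's own name against PubkeyAcceptedKeyTypes) and the proposed form (returning the key's own name for non-RSA keys and for RSA keys on legacy servers). LEGACY_SIGTYPE, key_permitted, select_sig_alg, base_key_type and the sample policy and server lists are constructed for this example and only follow the report's description of the behaviour.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the server quirk the report calls SSH_BUG_SIGTYPE
 * (servers older than OpenSSH 7.8); not OpenSSH's own flag definition. */
#define LEGACY_SIGTYPE 0x1

/* Copy the n-th comma-separated element of `list` into `out`; false if none. */
static bool list_nth(const char *list, size_t n, char *out, size_t outsz)
{
    const char *p = list;
    for (size_t i = 0; p != NULL && *p != '\0'; i++) {
        const char *end = strchr(p, ',');
        size_t len = end != NULL ? (size_t)(end - p) : strlen(p);
        if (i == n) {
            if (len >= outsz)
                return false;
            memcpy(out, p, len);
            out[len] = '\0';
            return true;
        }
        p = end != NULL ? end + 1 : NULL;
    }
    return false;
}

/* Is `name` an element of the comma-separated `list`? */
static bool list_has(const char *list, const char *name)
{
    char tok[64];
    for (size_t i = 0; list != NULL && list_nth(list, i, tok, sizeof tok); i++)
        if (strcmp(tok, name) == 0)
            return true;
    return false;
}

/* Key type an algorithm name belongs to: the SHA-2 RSA signature names still
 * denote RSA keys; every other name is its own key type (constructed helper). */
static const char *base_key_type(const char *alg)
{
    if (strcmp(alg, "rsa-sha2-256") == 0 || strcmp(alg, "rsa-sha2-512") == 0)
        return "ssh-rsa";
    return alg;
}

/* Local policy gate modeled on what the report says pubkey_prepare does:
 * a key is offered only if some PubkeyAcceptedKeyTypes entry maps to its type. */
bool key_permitted(const char *key_name, const char *pubkey_key_types)
{
    char tok[64];
    for (size_t i = 0; list_nth(pubkey_key_types, i, tok, sizeof tok); i++)
        if (strcmp(base_key_type(tok), key_name) == 0)
            return true;
    return false;
}

/* Algorithm name to sign with, for a key that already passed key_permitted().
 * `proposed` selects the report's suggested behaviour for the first branch.
 * Returns NULL when the key cannot be used (constructed model). */
const char *select_sig_alg(const char *key_name, const char *pubkey_key_types,
                           const char *server_sig_algs, int server_flags,
                           bool proposed)
{
    static char chosen[64];
    bool rsa = strcmp(key_name, "ssh-rsa") == 0;

    if (!rsa || server_sig_algs == NULL || (server_flags & LEGACY_SIGTYPE)) {
        /* Current behaviour re-filters the key's own name against the policy,
         * so a policy listing only rsa-sha2-* leaves an RSA key unusable on a
         * legacy server. The proposal returns the key's own name, since the
         * policy check has already been made. */
        if (proposed || list_has(pubkey_key_types, key_name))
            return key_name;
        return NULL;
    }
    /* RSA key on a server advertising SHA-2 RSA signature types: walk the
     * configured policy in order, take the first RSA entry the server supports. */
    for (size_t i = 0; list_nth(pubkey_key_types, i, chosen, sizeof chosen); i++)
        if (strcmp(base_key_type(chosen), "ssh-rsa") == 0 &&
            list_has(server_sig_algs, chosen))
            return chosen;
    return NULL;
}

int main(void)
{
    /* Constructed scenario: a client policy with ssh-rsa removed, an RSA user
     * key, and a legacy server whose list holds key types, as the report says. */
    const char *policy = "rsa-sha2-512,rsa-sha2-256,ssh-ed25519";
    const char *legacy_server = "ssh-rsa,ssh-ed25519";
    const char *key = "ssh-rsa";

    if (!key_permitted(key, policy))
        return 1;
    const char *cur = select_sig_alg(key, policy, legacy_server, LEGACY_SIGTYPE, false);
    const char *prop = select_sig_alg(key, policy, legacy_server, LEGACY_SIGTYPE, true);
    printf("legacy server, current:  %s\n", cur != NULL ? cur : "(key unusable)");
    printf("legacy server, proposed: %s\n", prop);
    return 0;
}
```

The RSA branch for servers that advertise SHA-2 signature types is unchanged between the two modes; only the first branch differs, which is the scope of the change the report suggests.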