OpenSSH forcing the signature to SHA1.

Renjith D renjithd at gmail.com
Tue Jun 11 01:05:06 AEST 2019


Thanks a lot for the response. The issue was that in jsch, the initial
handshake request contained only rsa-ssh as the supported algorithm. I
modified the code to support ssh-rsa2, then the server started using the
new signature algorithm, and I finally managed to connect.

Regards
Renjith

On Mon, 10 Jun 2019, 13:59 Jakub Jelen, <jjelen at redhat.com> wrote:

> On Sun, 2019-06-09 at 23:54 +0530, Renjith D wrote:
> > Hello folks,
> >
> > I am new here, so please be gentle :), and any help will be
> > appreciated.
> >
> > Essentially what I am trying to do is, to use Jsch ( the java
> > implementation of SSH client). it has support for Public key based
> > authentication.
> > Since there is a requirement for FIPS enablement, we are trying to
> > use the
> > Algorithm SHA256withRSA, instead of SHA1withRSA.
> > When the code tries to verify the signature of the public key of the
> > server
> > using this algorithm, it is throwing an exception
> > ObjectIdentifier mismatch: 1.3.14.3.2.26. (which is the OID of SHA1).
> > So my
> > understanding is the server is forcing the signature to be SHA1.
> > I did try to use the parameter
> > PubkeyAcceptedKeyTypes ssh-ed25519*,ecdsa-sha2*,rsa-sha2-*,ssh-rsa
> > But that does not help.
> >
> > Also with the same SHA256withRSA algorithm when the code sign the
> > data and
> > send it to server, it results in signature unverified error.
> > debug3: mm_answer_keyverify: publickey 0x56471045da10 signature
> > unverified
> >
> > Things work fine for ECDSA keypair with sha256. I am able to
> > successfully
> > connect using this keypair.
> >
> > My understanding was, as of 7.2 the support for SHA256 with RSA was
> > there (
> > https://www.openssh.com/txt/release-7.2)
> >
> > Are there any options which I am not aware of?
> > At the moment I am using openssh-7.9p1-233.1.x86_64 on SLES12.
> >
> > Thanks a lot for the help.
>
> Hello and welcome,
>
> The RSA with SHA2 (the base ssh-rsa method supports only SHA1) is
> defined in recent RFC 8332. The SHA2 usage in RSA authentication is
> negotiated during key exchange as described in another recent RFC 8308.
>
> Neither of these features looks like it is supported by the JSCh if I read its
> changelog and feature list correctly, so I think you will either have to
> use ECDSA or work with JSCh to implement these features for you. The
> RSA with SHA2 works fine against other implementations supporting these
> RFCs as far as I know (for example recent libssh).
>
> Regards,
> --
> Jakub Jelen
> Senior Software Engineer
> Security Technologies
> Red Hat, Inc.
>
>
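The two negotiation steps the thread turns on, as an added example that is not code from this thread, from JSch or from OpenSSH: a client whose KEXINIT lists only `ssh-rsa` gets a SHA-1 host key signature under the RFC 4253 rule (first client-preferred algorithm the server also supports), while listing `rsa-sha2-256` first yields a SHA-2 signature; for publickey userauth the client reads the server's `server-sig-algs` extension (RFC 8308) and, per RFC 8332, sends `rsa-sha2-256` as the algorithm name while the key blob stays in `ssh-rsa` format. It also shows why verifying with a fixed `SHA256withRSA` fails: the signature blob names its own algorithm, so the digest must be taken from that name. The `SSH_MSG_EXT_INFO` payload and the signature bytes are constructed inline for the example; the function names are my own.

```python
"""Negotiation of RSA/SHA-2 signature algorithms in SSH (RFC 4253, RFC 8308, RFC 8332).
Added example; the packet payloads and signature bytes below are constructed, not captured."""
import struct

# Digest implied by each RSA signature algorithm name (RFC 4253 6.6 and RFC 8332 3).
RSA_SIG_HASH = {
    b"ssh-rsa": "sha1",
    b"rsa-sha2-256": "sha256",
    b"rsa-sha2-512": "sha512",
}

SSH_MSG_EXT_INFO = 7  # RFC 8308 2.3


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(buf: bytes, off: int):
    """Parse an RFC 4251 'string' at offset off; returns (value, new_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off:off + n], off + n


def parse_name_list(raw: bytes):
    """RFC 4251 'name-list': comma-separated names, empty entries ignored."""
    return [n for n in raw.split(b",") if n]


def negotiate(client_prefs, server_supported):
    """RFC 4253 7.1: the first algorithm on the client's list that the server also supports.
    With client_prefs == [b"ssh-rsa"] the host key signature will be SHA-1, as in the thread."""
    for alg in client_prefs:
        if alg in server_supported:
            return alg
    return None


def build_ext_info(server_sig_algs):
    """Server's SSH_MSG_EXT_INFO carrying one 'server-sig-algs' extension (RFC 8308 3.1).
    Constructed here so the parser below has input to run on."""
    return (bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", 1)
            + ssh_string(b"server-sig-algs") + ssh_string(b",".join(server_sig_algs)))


def parse_ext_info(payload: bytes):
    """Decode SSH_MSG_EXT_INFO into {extension-name: extension-value}."""
    if not payload or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO packet")
    (count,) = struct.unpack_from(">I", payload, 1)
    off, exts = 5, {}
    for _ in range(count):
        name, off = read_ssh_string(payload, off)
        value, off = read_ssh_string(payload, off)
        exts[name] = value
    return exts


def choose_userauth_sig_alg(client_prefs, ext_info_payload):
    """Pick the RSA signature algorithm for publickey userauth from server-sig-algs.
    Without an ext-info message the client can only safely assume the base ssh-rsa (SHA-1)."""
    if ext_info_payload is None:
        return b"ssh-rsa"
    advertised = parse_name_list(parse_ext_info(ext_info_payload).get(b"server-sig-algs", b""))
    return negotiate(client_prefs, advertised)


def digest_for_signature(sig_blob: bytes):
    """An SSH signature blob is string(alg-name) || string(raw-signature) (RFC 4253 6.6).
    Take the digest from the name inside the blob instead of assuming one: verifying an
    ssh-rsa (SHA-1) signature as SHA256withRSA is exactly the OID mismatch from the thread."""
    alg, off = read_ssh_string(sig_blob, 0)
    raw_sig, _ = read_ssh_string(sig_blob, off)
    if alg not in RSA_SIG_HASH:
        raise ValueError(f"unsupported RSA signature algorithm {alg!r}")
    return RSA_SIG_HASH[alg], raw_sig


def userauth_pk_names(sig_alg: bytes):
    """RFC 8332 3: in the userauth request the public key algorithm name is the signature
    algorithm (e.g. rsa-sha2-256) while the key blob itself still starts with 'ssh-rsa'."""
    return {"pk_algorithm_name": sig_alg, "key_blob_type": b"ssh-rsa"}
```

The practical consequence for a client library is visible in `negotiate` and `choose_userauth_sig_alg`: the server never "forces" SHA-1, it simply picks the best algorithm the client offered, so a client that only advertises `ssh-rsa` in KEXINIT and in the userauth request will always get and must send SHA-1 signatures.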