The ssh-rsa deprecation, and OpenSSH 7.4
Chris Danis
cdanis at wikimedia.org
Sat May 30 01:56:32 AEST 2020
Hello,

The release notes for 8.2 and 8.3 (essentially) state that an OpenSSH
version of 7.2 or later is sufficient to avoid worrying about the
ssh-rsa public key algorithm deprecation.

But I'm pretty sure that sshd in specifically OpenSSH 7.4 won't be
fully compatible in a post-ssh-rsa-deprecation world, as it has a bug
introduced by a cleanup patch[0] which causes it to not enumerate
rsa-sha2-256 or rsa-sha2-512 in its server-sig-algs response in the
extended KEX. This was fixed in 7.5.

Am I understanding everything correctly? If so, maybe the release
notes should be clarified with this wrinkle about version numbers.

I'm not sure if it would also make sense to release a 7.4p2 that
includes the fix patch[1], but wanted to suggest it as an idea.

Additionally, while the release notes focus on a discussion of host
keys, I think that some discussion of user RSA public keys might also
be worthwhile to include.

refs:
[0]: https://anongit.mindrot.org/openssh.git/commit/?id=130f5df4f
[1]: https://anongit.mindrot.org/openssh.git/commit/?id=183ba55aa

Many thanks for all your work and time!
--
Chris Danis (he/him)
Sr. Site Reliability Engineer
Wikimedia Foundation