Re: Fedora 33 - ssh clients - drop of PubkeyAcceptedKeyTypes=ssh-rsa

On 9/20/20 10:11 AM, Pavel Raiskup wrote:
> Can anyone translate to me if this is really expected or a bug?  Effect is that
> Fedora 33 clients cannot ssh to Debian 9 hosts by default (I'm not sure about
> the supported Debian 10, and the key quality there).


Fedora 33 clients can connect to Debian 9 hosts; they just won't use RSA keys for pubkey authentication.  I think that's a bug.

I could be wrong about all of the following, so let me just prefix everything with, "To the best of my understanding:"

In OpenSSH 7.8, the semantics of PubkeyAcceptedKeyTypes was changed, and older servers were marked with SSH_BUG_SIGTYPE.  For older servers, ssh->kex->server_sig_algs appears to store a list of key types the server supports, while on newer servers it stores a list of RSA signature types that are supported.

sshconnect2.c:key_sig_algorithm will return a copy of the name of an SSH key's type.  For everything except RSA keys, it will filter the key's type against options.pubkey_key_types, but that doesn't make much sense, because the key has already been verified to be a permitted type by sshconnect2.c:pubkey_prepare.  (I haven't gone into the history, but I'm guessing that this code used to filter against ssh->kex->server_sig_algs instead.)

In other words, the private key type has already been checked against the local security policy before key_sig_algorithm is called, so key_sig_algorithm shouldn't be acting as a filter.  It should be finding the correct name to refer to the client's key type.

I'd suggest dropping the call to match_list, and instead simply return sshkey_ssh_name(key) for all non-RSA key types, and for RSA key types when connecting to a legacy server with SSH_BUG_SIGTYPE set.

I'll send this patch to the upstream developers, too.  But do note that none of this has anything to do with the server's host keys.

--- sshconnect2.c.orig	2020-09-26 07:26:37.618010545 -0700
+++ sshconnect2.c	2020-09-26 07:25:35.665009029 -0700
@@ -1281,10 +1284,9 @@
 	 */
 	if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
 	    (key->type != KEY_RSA && key->type != KEY_RSA_CERT) ||
-	    (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) {
-		/* Filter base key signature alg against our configuration */
-		return match_list(sshkey_ssh_name(key),
-		    options.pubkey_key_types, NULL);
+	    ((key->type == KEY_RSA || key->type == KEY_RSA_CERT)
+	     && (datafellows & SSH_BUG_SIGTYPE))) {
+		return xstrdup(sshkey_ssh_name(key));
 	}
 
 	/*
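Review bot: the added `(key->type == KEY_RSA || key->type == KEY_RSA_CERT)` clause is redundant. The line just above it, `(key->type != KEY_RSA && key->type != KEY_RSA_CERT) ||`, already returns for every non-RSA key, so when the new clause is evaluated the key is known to be `KEY_RSA` or `KEY_RSA_CERT` and `(datafellows & SSH_BUG_SIGTYPE)` alone expresses the intent. The hunk also deletes the comment "Filter base key signature alg against our configuration" without replacing it; a one-line comment saying that `pubkey_prepare` has already checked the key against `options.pubkey_key_types`, so no second filter is applied here, would record the rationale that the cover message gives. Finally, the header `@@ -1281,10 +1284,9 @@` starts three lines later on the new side than on the old, which suggests an earlier hunk that is not part of this posting; if the change is meant to be applied on its own, the offsets should be regenerated against a clean tree.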
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
