Hello all,
recently Fedora infrastructure deployed OpenSSH RSA certificates signed
with ed25519 CA on server with GIT repositories and we encounter
problems when connecting from old clients (openssh-5.3p1 + certificates)
as described in the following bug [1].
There is a known workaround (using only the raw key) and after reading
some more code around the key exchange and certificates specification, I
don't see a simple way how to prevent it
* the client does not know what CA key will be used
* the server can not select raw RSA (different than would be selected
by client)
The question is, can/should be the ED25519 keys be used for CA? The
specification (The line 196 [2]) does not list them or is outdated. If
it is a bug, can this be fixed? If it is intended, how to prevent using
ED25519 keys as CA?
Also reading through the gssgex code I noticed duplicate conditions on
lines 168 and 172 [3]. Can this be fixed too?
Any more ideas to the current problem?
Attached patches to the minor issues, but not resolving the original
problem.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1450609
[2]
https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L196
[3] https://github.com/openssh/openssh-portable/blob/master/kexgexc.c#L172
Thanks,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index aa6f5ae..ed7de11 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -194,8 +194,8 @@ the protocol.
signature key contains the CA key used to sign the certificate.
The valid key types for CA keys are ssh-rsa, ssh-dss and the ECDSA types
-ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521. "Chained"
-certificates, where the signature key type is a certificate type itself
+ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 and ssh-ed25519.
+"Chained" certificates, where the signature key type is a certificate type itself
are NOT supported. Note that it is possible for a RSA certificate key to
be signed by a DSS or ECDSA CA key and vice-versa.
diff --git a/kexgexc.c b/kexgexc.c
index ad0d1c8..b0789cc 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -165,10 +165,6 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt)
(r = sshkey_from_blob(server_host_key_blob, sbloblen,
&server_host_key)) != 0)
goto out;
- if (server_host_key->type != kex->hostkey_type) {
- r = SSH_ERR_KEY_TYPE_MISMATCH;
- goto out;
- }
if (server_host_key->type != kex->hostkey_type ||
(kex->hostkey_type == KEY_ECDSA &&
server_host_key->ecdsa_nid != kex->hostkey_nid)) {
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev