Re: ssh-ed25519 and ecdsa-sha2-nistp256 host keys

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, 16 Sep 2020, Ryan Mulligan wrote:

> Here you go:

[snip]

> The relevant part of my /etc/ssh/ssh_config is:
> 
> Host *
> AddressFamily inet
> PubkeyAcceptedKeyTypes +ssh-dss
> HostKeyAlgorithms +ssh-dss

This is why you are seeing the hostkey warnings.

When HostKeyAlgorithms is left at the default, then ssh will consider the
public keys you have listed in UserKnownHostsFile and SystemKnownHostsFile
when constructing the KEXINIT host key algorithm proposal.

This is done so that, when the client and server agree on their host key
algorithms, the selected algorithm is likely to be once that the client
already has a recorded key for. Practically, it would look like this in
your debug output:

> debug3: hostkeys_foreach: reading file "/home/djm/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/djm/.ssh/known_hosts:207
debug3: load_hostkeys: loaded 1 keys from test
debug3: hostkeys_foreach: reading file "/etc/ssh/ssh_known_hosts"
debug3: order_hostkeyalgs: prefer hostkeyalgs: rsa-sha2-512-cert-v01@xxxxxxxxxxx,rsa-sha2-256-cert-v01@xxxxxxxxxxx,ssh-rsa-cert-v01@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-256,ssh-rsa

Here, ssh found a RSA key in ~/.ssh/known_hosts and ordered the host key
algorithms to prefer it. This ordering step is only performed when the
user has not specified their own HostKeyAlgorithms. Your config does, so
you get the default set, with ssh-dss appended.

> debug2: local client KEXINIT proposal
> debug2: KEX algorithms:
> curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
> debug2: host key algorithms:
> ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,ssh-ed25519-cert-v01@xxxxxxxxxxx,rsa-sha2-512-cert-v01@xxxxxxxxxxx,rsa-sha2-256-cert-v01@xxxxxxxxxxx,ssh-rsa-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss

which prefers ECDSA.

As far as fixing this, you a couple of options:

1) Learn the other hostkeys for your destination. You can do this
   automatically using ssh -oUpdateHostKeys=yes ... (this will become
   the default once I fix a few corner-cases). This will avoid host key
   warnings.

2) Explicitly list the host key algorithms for this destination. I.e.
   have a "HostKeyAlgorithms ssh-ed25519" under a "Host [whatever]"
   block in your config. I don't really recommend this.

3) Restrict the set of hosts that you are adding ssh-dss for. Instead of
   doing it for "Host *", only do it for the hosts that strictly need it.
   ssh-dss is a weak algorithm and is disabled for this reason. IMO this
   is the best solution.


Hope this helps,
Damien Miller

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux