#StackBounty: #linux #centos #ssh #fedora #arch-linux Change default certificate signing algorithm in ssh-keygen

Bounty: 50

Presently, OpenSSH 7.8 (Fedora 28/Arch) is unable to negotiate with a OpenSSH 7.4 (CentOS 7) server utilizing a certificate signed key, as described in a bug filed on redhat’s bugzilla. OpenSSH release notes indicate a change in the signature negotiation algorithm must now be explicitly defined. While 2 new signatures algorithms are now allowed (since 7.7), a bug or by intention, ssh-rsa-cert-v01@openssh.com user certificate are no longer able to be used for authentication.

Steps to Reproduce:

  1. ssh-keygen -t rsa -b 2048 -f test
  2. ssh-keygen -s cert.key -I “signedcert” -n testuser test.pub
  3. ssh -i test -vvv user@serverip

I am attempting to work around this issue by modifying the algorithm utilized in the certificate signing process.

ssh-keygen -L -f test.crt
test.crt:
    Type: ssh-rsa-cert-v01@openssh.com user certificate
    Public key: RSA-CERT SHA256:<fingerprint>
    Signing CA: RSA SHA256:<fingerprint>

The default for ssh-keygen is to sign the key in ssh-rsa-cert-v01@openssh.com.

According to OpenSSH 7.8 doc, PROTOCOL.certkeys.

All certificate types include certification information along with the
public key that is used to sign challenges. In OpenSSH, ssh-keygen
performs the CA signing operation.

Certified keys are represented using new key types:

    ssh-rsa-cert-v01@openssh.com
    ssh-dss-cert-v01@openssh.com
    ecdsa-sha2-nistp256-cert-v01@openssh.com
    ecdsa-sha2-nistp384-cert-v01@openssh.com
    ecdsa-sha2-nistp521-cert-v01@openssh.com

Two additional types exist for RSA certificates to force use of
SHA-2 signatures (SHA-256 and SHA-512 respectively):

    rsa-sha2-256-cert-v01@openssh.com
    rsa-sha2-512-cert-v01@openssh.com

This tells me there are 7 key types available, how do I specify one in ssh-keygen certificate signing process.

Please Note:

  • The following configuration change on client or server does not work for me.

    PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com

  • Signing the key in ed25519 format is not backward compatible to servers with openssh 5.3, such as CentOS 6 and thus will not be considered a solution.

Two solutions are possible here.

  1. Find a suitable workaround to allow ssh-rsa-cert-v01@openssh.com
    user certificates again.
  2. Find a way to change the certificate
    signing algorithm in ssh-keygen.

Update: ( 1 day later )

According to a user on #openssh, a certificate signature algorithm is set by the key used to sign the private key. This means, if I can figure out how to change the RSA algorithm from RSA:SHA1 to RSA:SHA2 I might be able to force the certificate signing algorithm to be sha2-256, which is possible on both sides with an additional work around.


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.