Presently, OpenSSH 7.8 (Fedora 28/Arch) is unable to negotiate with a OpenSSH 7.4 (CentOS 7) server utilizing a certificate signed key, as described in a bug filed on redhat’s bugzilla. OpenSSH release notes indicate a change in the signature negotiation algorithm must now be explicitly defined. While 2 new signatures algorithms are now allowed (since 7.7), a bug or by intention, email@example.com user certificate are no longer able to be used for authentication.
Steps to Reproduce:
- ssh-keygen -t rsa -b 2048 -f test
- ssh-keygen -s cert.key -I “signedcert” -n testuser test.pub
- ssh -i test -vvv user@serverip
I am attempting to work around this issue by modifying the algorithm utilized in the certificate signing process.
ssh-keygen -L -f test.crt test.crt: Type: firstname.lastname@example.org user certificate Public key: RSA-CERT SHA256:<fingerprint> Signing CA: RSA SHA256:<fingerprint>
The default for ssh-keygen is to sign the key in email@example.com.
According to OpenSSH 7.8 doc, PROTOCOL.certkeys.
All certificate types include certification information along with the public key that is used to sign challenges. In OpenSSH, ssh-keygen performs the CA signing operation. Certified keys are represented using new key types: firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org Two additional types exist for RSA certificates to force use of SHA-2 signatures (SHA-256 and SHA-512 respectively): email@example.com firstname.lastname@example.org
This tells me there are 7 key types available, how do I specify one in ssh-keygen certificate signing process.
- The following configuration change on client or server does not work for me.
- Signing the key in ed25519 format is not backward compatible to servers with openssh 5.3, such as CentOS 6 and thus will not be considered a solution.
Two solutions are possible here.
- Find a suitable workaround to allow email@example.com
user certificates again.
- Find a way to change the certificate
signing algorithm in ssh-keygen.
Update: ( 1 day later )
According to a user on #openssh, a certificate signature algorithm is set by the key used to sign the private key. This means, if I can figure out how to change the RSA algorithm from RSA:SHA1 to RSA:SHA2 I might be able to force the certificate signing algorithm to be sha2-256, which is possible on both sides with an additional work around.