diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-07-03 11:39:54 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-07-03 23:26:36 +1000 |
| commit | 4ba0d54794814ec0de1ec87987d0c3b89379b436 (patch) | |
| tree | b8d904880f8927374b377b2e4d5661213c1138b6 /PROTOCOL.certkeys | |
| parent | 95344c257412b51199ead18d54eaed5bafb75617 (diff) | |
upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
Diffstat (limited to 'PROTOCOL.certkeys')
| -rw-r--r-- | PROTOCOL.certkeys | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 65f11f538..11363fdc3 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys | |||
| @@ -25,6 +25,10 @@ raw user keys. The ssh client will support automatic verification of | |||
| 25 | acceptance of certified host keys, by adding a similar ability to | 25 | acceptance of certified host keys, by adding a similar ability to |
| 26 | specify CA keys in ~/.ssh/known_hosts. | 26 | specify CA keys in ~/.ssh/known_hosts. |
| 27 | 27 | ||
| 28 | All certificate types include certification information along with the | ||
| 29 | public key that is used to sign challenges. In OpenSSH, ssh-keygen | ||
| 30 | performs the CA signing operation. | ||
| 31 | |||
| 28 | Certified keys are represented using new key types: | 32 | Certified keys are represented using new key types: |
| 29 | 33 | ||
| 30 | ssh-rsa-cert-v01@openssh.com | 34 | ssh-rsa-cert-v01@openssh.com |
| @@ -33,9 +37,17 @@ Certified keys are represented using new key types: | |||
| 33 | ecdsa-sha2-nistp384-cert-v01@openssh.com | 37 | ecdsa-sha2-nistp384-cert-v01@openssh.com |
| 34 | ecdsa-sha2-nistp521-cert-v01@openssh.com | 38 | ecdsa-sha2-nistp521-cert-v01@openssh.com |
| 35 | 39 | ||
| 36 | These include certification information along with the public key | 40 | Two additional types exist for RSA certificates to force use of |
| 37 | that is used to sign challenges. ssh-keygen performs the CA signing | 41 | SHA-2 signatures (SHA-256 and SHA-512 respectively): |
| 38 | operation. | 42 | |
| 43 | rsa-sha2-256-cert-v01@openssh.com | ||
| 44 | rsa-sha2-512-cert-v01@openssh.com | ||
| 45 | |||
| 46 | These RSA/SHA-2 types should not appear in keys at rest or transmitted | ||
| 47 | on their wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms | ||
| 48 | field or in the "public key algorithm name" field of a "publickey" | ||
| 49 | SSH_USERAUTH_REQUEST to indicate that the signature will use the | ||
| 50 | specified algorithm. | ||
| 39 | 51 | ||
| 40 | Protocol extensions | 52 | Protocol extensions |
| 41 | ------------------- | 53 | ------------------- |
| @@ -291,4 +303,4 @@ permit-user-rc empty Flag indicating that execution of | |||
| 291 | of this script will not be permitted if | 303 | of this script will not be permitted if |
| 292 | this option is not present. | 304 | this option is not present. |
| 293 | 305 | ||
| 294 | $OpenBSD: PROTOCOL.certkeys,v 1.14 2018/04/10 00:10:49 djm Exp $ | 306 | $OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $ |