diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-07-03 11:39:54 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-03 23:26:36 +1000 |
commit | 4ba0d54794814ec0de1ec87987d0c3b89379b436 (patch) | |
tree | b8d904880f8927374b377b2e4d5661213c1138b6 /PROTOCOL.certkeys | |
parent | 95344c257412b51199ead18d54eaed5bafb75617 (diff) |
upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
Diffstat (limited to 'PROTOCOL.certkeys')
-rw-r--r-- | PROTOCOL.certkeys | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 65f11f538..11363fdc3 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys | |||
@@ -25,6 +25,10 @@ raw user keys. The ssh client will support automatic verification of | |||
25 | acceptance of certified host keys, by adding a similar ability to | 25 | acceptance of certified host keys, by adding a similar ability to |
26 | specify CA keys in ~/.ssh/known_hosts. | 26 | specify CA keys in ~/.ssh/known_hosts. |
27 | 27 | ||
28 | All certificate types include certification information along with the | ||
29 | public key that is used to sign challenges. In OpenSSH, ssh-keygen | ||
30 | performs the CA signing operation. | ||
31 | |||
28 | Certified keys are represented using new key types: | 32 | Certified keys are represented using new key types: |
29 | 33 | ||
30 | ssh-rsa-cert-v01@openssh.com | 34 | ssh-rsa-cert-v01@openssh.com |
@@ -33,9 +37,17 @@ Certified keys are represented using new key types: | |||
33 | ecdsa-sha2-nistp384-cert-v01@openssh.com | 37 | ecdsa-sha2-nistp384-cert-v01@openssh.com |
34 | ecdsa-sha2-nistp521-cert-v01@openssh.com | 38 | ecdsa-sha2-nistp521-cert-v01@openssh.com |
35 | 39 | ||
36 | These include certification information along with the public key | 40 | Two additional types exist for RSA certificates to force use of |
37 | that is used to sign challenges. ssh-keygen performs the CA signing | 41 | SHA-2 signatures (SHA-256 and SHA-512 respectively): |
38 | operation. | 42 | |
43 | rsa-sha2-256-cert-v01@openssh.com | ||
44 | rsa-sha2-512-cert-v01@openssh.com | ||
45 | |||
46 | These RSA/SHA-2 types should not appear in keys at rest or transmitted | ||
47 | on their wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms | ||
48 | field or in the "public key algorithm name" field of a "publickey" | ||
49 | SSH_USERAUTH_REQUEST to indicate that the signature will use the | ||
50 | specified algorithm. | ||
39 | 51 | ||
40 | Protocol extensions | 52 | Protocol extensions |
41 | ------------------- | 53 | ------------------- |
@@ -291,4 +303,4 @@ permit-user-rc empty Flag indicating that execution of | |||
291 | of this script will not be permitted if | 303 | of this script will not be permitted if |
292 | this option is not present. | 304 | this option is not present. |
293 | 305 | ||
294 | $OpenBSD: PROTOCOL.certkeys,v 1.14 2018/04/10 00:10:49 djm Exp $ | 306 | $OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $ |