summaryrefslogtreecommitdiff
path: root/PROTOCOL.certkeys
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-07-03 11:39:54 +0000
committerDamien Miller <djm@mindrot.org>2018-07-03 23:26:36 +1000
commit4ba0d54794814ec0de1ec87987d0c3b89379b436 (patch)
treeb8d904880f8927374b377b2e4d5661213c1138b6 /PROTOCOL.certkeys
parent95344c257412b51199ead18d54eaed5bafb75617 (diff)
upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@ OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
Diffstat (limited to 'PROTOCOL.certkeys')
-rw-r--r--PROTOCOL.certkeys20
1 files changed, 16 insertions, 4 deletions
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index 65f11f538..11363fdc3 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -25,6 +25,10 @@ raw user keys. The ssh client will support automatic verification of
25acceptance of certified host keys, by adding a similar ability to 25acceptance of certified host keys, by adding a similar ability to
26specify CA keys in ~/.ssh/known_hosts. 26specify CA keys in ~/.ssh/known_hosts.
27 27
28All certificate types include certification information along with the
29public key that is used to sign challenges. In OpenSSH, ssh-keygen
30performs the CA signing operation.
31
28Certified keys are represented using new key types: 32Certified keys are represented using new key types:
29 33
30 ssh-rsa-cert-v01@openssh.com 34 ssh-rsa-cert-v01@openssh.com
@@ -33,9 +37,17 @@ Certified keys are represented using new key types:
33 ecdsa-sha2-nistp384-cert-v01@openssh.com 37 ecdsa-sha2-nistp384-cert-v01@openssh.com
34 ecdsa-sha2-nistp521-cert-v01@openssh.com 38 ecdsa-sha2-nistp521-cert-v01@openssh.com
35 39
36These include certification information along with the public key 40Two additional types exist for RSA certificates to force use of
37that is used to sign challenges. ssh-keygen performs the CA signing 41SHA-2 signatures (SHA-256 and SHA-512 respectively):
38operation. 42
43 rsa-sha2-256-cert-v01@openssh.com
44 rsa-sha2-512-cert-v01@openssh.com
45
46These RSA/SHA-2 types should not appear in keys at rest or transmitted
47on their wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms
48field or in the "public key algorithm name" field of a "publickey"
49SSH_USERAUTH_REQUEST to indicate that the signature will use the
50specified algorithm.
39 51
40Protocol extensions 52Protocol extensions
41------------------- 53-------------------
@@ -291,4 +303,4 @@ permit-user-rc empty Flag indicating that execution of
291 of this script will not be permitted if 303 of this script will not be permitted if
292 this option is not present. 304 this option is not present.
293 305
294$OpenBSD: PROTOCOL.certkeys,v 1.14 2018/04/10 00:10:49 djm Exp $ 306$OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $