[PATCH] dropbear: make rsa-sha2-256 pubkeys usable again
matt at ucc.asn.au
Fri Jul 17 07:54:51 EDT 2020
I still can't reproduce this with OpenSSH_7.6p1 Ubuntu-4ubuntu0.3.
Are you using a rsa key on disk, or using a SSH agent? I wonder if the agent doesn't support rsa-sha2-256 signatures or something?
Dropbear is meant to be handling the difference between the key names and signature names - it's possible there are bugs, but I can't reproduce it yet.
> On Fri 17/7/2020, at 4:38 pm, Petr Štetiar <ynezz at true.cz> wrote:
> Matt Johnston <matt at ucc.asn.au> [2020-07-16 21:24:43]:
>> I can't reproduce a problem authenticating to a Dropbear 2020.80 server with
>> rsa keys. I've tried with either dbclient 2019.78 (using ssh-rsa sha1
>> signatures) or dbclient 2020.80 (rsa-sha2-256 signatures). Could you give me
>> some steps to reproduce it?
> just use any other SSH client which is implemented according to rfc8332, like
> OpenSSH as those would likely send the public keys with 'ssh-rsa' string:
> Since RSA keys are not dependent on the choice of hash function, the
> new public key algorithms reuse the "ssh-rsa" public key format as
> defined in [RFC4253]:
> string "ssh-rsa"
> mpint e
> mpint n
> All aspects of the "ssh-rsa" format are kept, including the encoded
> string "ssh-rsa". This allows existing RSA keys to be used with the
> new public key algorithms, without requiring re-encoding or affecting
> already trusted key fingerprints.
> In other words, OpenSSH client sends the key with `ssh-rsa` string, but
> Dropbear checks for `rsa-sha2-256` and thus refusing the client.
> $ dropbear -V
> Dropbear v2020.80
> $ dropbear -F -s -v
> TRACE (2907) 2.994471: buf_put_sign type 101 rsa-sha2-256
> TRACE (2907) 3.008211: enter send_msg_ext_info
> TRACE (2907) 3.008608: algolist add 20 'rsa-sha2-256,ssh-rsa���@E�W7��'�_��U��q}�+*L#�
> TRACE (2907) 3.999860: checkpubkey: opened authorized_keys OK
> TRACE (2907) 4.001785: checkpubkey_line: line pos = 8 len = 724
> TRACE (2907) 4.003487: checkpubkey: base64_decode success
> TRACE (2907) 4.004858: leave checkpubkey: ret=0
> TRACE (2907) 4.006211: enter buf_get_rsa_pub_key
> TRACE (2907) 4.007392: leave buf_get_rsa_pub_key: success
> TRACE (2907) 4.008283: enter buf_verify
>  Jul 17 08:30:56 Exit before auth from <192.168.200.1:49142>: (user 'root', 0 fails): Non-matching signing type
> ^--- here it fails in buf_verify as expected
> sigtype=DROPBEAR_SIGNATURE_RSA_SHA256, but actual sigtype is DROPBEAR_SIGNATURE_RSA_SHA1
> TRACE (2907) 4.010526: enter session_cleanup
> $ ssh -v root at 192.168.200.77
> OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
> debug1: kex: host key algorithm: rsa-sha2-256
> debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,ssh-rsa>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Offering public key: RSA SHA256:ZLONs7adjPBljemwKAX5dXDiKPDVh4fsStkqi2eJsiI cardno:000610530066
> debug1: Server accepts key: pkalg rsa-sha2-256 blen 535
> Connection closed by 192.168.200.77 port 22
> -- ynezz
More information about the openwrt-devel