Mailing List Archive

OpenSSH forcing the signature to SHA1.
Hello folks,

I am new here, so please be gentle :), and any help will be appreciated.

Essentially what I am trying to do is to use JSch (the Java
implementation of an SSH client). It has support for public-key based
authentication.
Since there is a requirement for FIPS enablement, we are trying to use the
algorithm SHA256withRSA instead of SHA1withRSA.
When the code tries to verify the signature of the public key of the server
using this algorithm, it throws an exception:
ObjectIdentifier mismatch: 1.3.14.3.2.26 (which is the OID of SHA1). So my
understanding is that the server is forcing the signature to be SHA1.
I did try to use the parameter
PubkeyAcceptedKeyTypes ssh-ed25519*,ecdsa-sha2*,rsa-sha2-*,ssh-rsa
but that does not help.

Also, with the same SHA256withRSA algorithm, when the code signs the data and
sends it to the server, it results in a "signature unverified" error:
debug3: mm_answer_keyverify: publickey 0x56471045da10 signature unverified

Things work fine for an ECDSA keypair with SHA256. I am able to connect
successfully using this keypair.

My understanding was that, as of 7.2, support for SHA256 with RSA was there
(https://www.openssh.com/txt/release-7.2).

Are there any options that I am not aware of?
At the moment I am using openssh-7.9p1-233.1.x86_64 on SLES12.

Thanks a lot for the help.

Regards
Renjith
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: OpenSSH forcing the signature to SHA1. [ In reply to ]
On Sun, 2019-06-09 at 23:54 +0530, Renjith D wrote:

Hello and welcome,

RSA with SHA2 (the base ssh-rsa method supports only SHA1) is defined in
the recent RFC 8332. The use of SHA2 in RSA authentication is negotiated
during key exchange as described in another recent RFC, RFC 8308.

Neither of these features looks to be supported by JSch, if I read its
changelog and feature list correctly, so I think you will either have to
use ECDSA or work with JSch to implement these features for you. RSA with
SHA2 works fine against other implementations supporting these RFCs as
far as I know (for example recent libssh).

Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.

Re: OpenSSH forcing the signature to SHA1. [ In reply to ]
Thanks a lot for the response. The issue was that in JSch, the initial
handshake request contained only ssh-rsa as the supported algorithm. I
modified the code to support rsa-sha2-256; then the server started using the
new signature algorithm, and I finally managed to connect.

Regards
Renjith

On Mon, 10 Jun 2019, 13:59 Jakub Jelen, <jjelen@redhat.com> wrote:
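Added example, illustrating Jakub's RFC 8332/8308 explanation and Renjith's fix above; this is not code from the thread, from JSch or from OpenSSH. It encodes the pieces the thread turns on: the key blob keeps its "ssh-rsa" type whatever hash is used, the algorithm name in SSH_MSG_USERAUTH_REQUEST and the name in the signature blob must both say rsa-sha2-256, and the server picks the hash from that name (so a SHA-256 signature sent under the name ssh-rsa is exactly the "signature unverified" case, and checking a SHA-1 host-key signature with SHA256withRSA is the OID 1.3.14.3.2.26 mismatch). Assumptions, all mine: a seeded toy pure-Python RSA (1024 bits, for speed; not for real keys), a constructed session id, user name, exchange hash and server-sig-algs list, and a client preference order that puts rsa-sha2-256 first.

```python
"""Added example (not from the thread, JSch or OpenSSH): the wire encoding behind RFC 8332
rsa-sha2-256 publickey auth, with a seeded pure-Python RSA so it runs offline.  User name,
session id, exchange hash and the server-sig-algs list are constructed sample values."""
import hashlib, random, struct

# EMSA-PKCS1-v1_5 DigestInfo prefixes (RFC 8017 s9.2) and the hash OID inside each; the
# SHA-1 one, 1.3.14.3.2.26, is the OID from the Java exception quoted in the thread.
DIGEST_INFO = {
    "ssh-rsa": (hashlib.sha1, "3021300906052b0e03021a05000414", "1.3.14.3.2.26"),
    "rsa-sha2-256": (hashlib.sha256, "3031300d060960864801650304020105000420", "2.16.840.1.101.3.4.2.1"),
    "rsa-sha2-512": (hashlib.sha512, "3051300d060960864801650304020305000440", "2.16.840.1.101.3.4.2.3"),
}

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

def ssh_mpint(n):  # RFC 4251: big-endian two's complement, leading 0x00 when the high bit is set
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big") if n else b"")

def parse_sig(blob):  # RFC 8332 s3 signature blob: string name, string raw RSA signature
    n = struct.unpack(">I", blob[:4])[0]
    m = struct.unpack(">I", blob[4 + n:8 + n])[0]
    return blob[4:4 + n].decode(), blob[8 + n:8 + n + m]

def _probable_prime(n, rng, rounds=16):  # Miller-Rabin; candidates are already odd
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and all(pow(x, 2 << i, n) != n - 1 for i in range(r - 1)):
            return False
    return True

def generate_rsa(bits=1024, seed=7):  # toy seeded key generation: reproducible, not for real keys
    rng, e, primes = random.Random(seed), 65537, []
    while len(primes) < 2:
        c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if _probable_prime(c, rng) and c not in primes:
            primes.append(c)
    n, phi = primes[0] * primes[1], (primes[0] - 1) * (primes[1] - 1)
    return n, e, pow(e, -1, phi)

def ssh_rsa_pubkey_blob(n, e):  # RFC 4253 s6.6: the key blob type stays "ssh-rsa" for every hash
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def choose_pubkey_alg(server_sig_algs, prefs=("rsa-sha2-256", "rsa-sha2-512", "ssh-rsa")):
    """RFC 8308 server-sig-algs: first client preference the server lists; no extension -> ssh-rsa."""
    offered = set(server_sig_algs.split(",")) if server_sig_algs else {"ssh-rsa"}
    return next(a for a in prefs if a in offered)

def userauth_signed_data(session_id, user, alg, pubkey_blob):  # RFC 4252 s7; 0x32 = USERAUTH_REQUEST
    return (ssh_string(session_id) + b"\x32" + ssh_string(user) + ssh_string(b"ssh-connection")
            + ssh_string(b"publickey") + b"\x01" + ssh_string(alg.encode()) + ssh_string(pubkey_blob))

def _emsa(alg, data, k):
    hashfn, prefix, _ = DIGEST_INFO[alg]
    t = bytes.fromhex(prefix) + hashfn(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sign(priv, data, alg, label=None):
    """Hash with `alg`, name the blob `label` (default alg); a mismatch reproduces the thread's bug."""
    n, e, d = priv
    k = (n.bit_length() + 7) // 8
    s = pow(int.from_bytes(_emsa(alg, data, k), "big"), d, n).to_bytes(k, "big")
    return ssh_string((label or alg).encode()) + ssh_string(s)

def rsa_verify(pub, alg, data, s):
    """'ok', or a diagnostic naming the OID of the hash actually found, like the JCA exception."""
    n, e = pub
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(s, "big"), e, n).to_bytes(k, "big")
    if em == _emsa(alg, data, k):
        return "ok"
    t = em[em.find(b"\x00", 2) + 1:]  # skip 00 01 ff..ff 00 to reach the DigestInfo
    for other, (_, prefix, oid) in DIGEST_INFO.items():
        if other != alg and t.startswith(bytes.fromhex(prefix)):
            return "ObjectIdentifier mismatch: " + oid
    return "bad signature"

def sshd_check_userauth(pub, request_alg, data, sig_blob):
    """Server side, as sshd: blob name must equal the USERAUTH_REQUEST algorithm, which picks the hash."""
    name, s = parse_sig(sig_blob)
    ok = name == request_alg and rsa_verify(pub, request_alg, data, s) == "ok"
    return "ok" if ok else "signature unverified"

def run_scenarios(seed=7):
    priv = generate_rsa(1024, seed)
    pub, blob = priv[:2], ssh_rsa_pubkey_blob(priv[0], priv[1])
    sid, h = hashlib.sha256(b"constructed session id").digest(), b"constructed exchange hash H"
    alg = choose_pubkey_alg("ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512")  # constructed EXT_INFO
    good, old = (userauth_signed_data(sid, b"renjith", a, blob) for a in (alg, "ssh-rsa"))
    return {
        "negotiated": alg,
        # after the fix: request names rsa-sha2-256 and the signature is made and named the same
        "fixed": sshd_check_userauth(pub, alg, good, rsa_sign(priv, good, alg)),
        # the thread's bug: request still says ssh-rsa, but the signature was hashed with SHA-256
        "jsch_bug": sshd_check_userauth(pub, "ssh-rsa", old, rsa_sign(priv, old, "rsa-sha2-256", "ssh-rsa")),
        # the client-side symptom: server signed with SHA-1, client verified with SHA256withRSA
        "hostkey": rsa_verify(pub, "rsa-sha2-256", h, parse_sig(rsa_sign(priv, h, "ssh-rsa"))[1]),
    }
```

run_scenarios() returns "ok" for the fixed flow, "signature unverified" for the old JSch behaviour and "ObjectIdentifier mismatch: 1.3.14.3.2.26" for the host-key check, which is why changing the server's PubkeyAcceptedKeyTypes alone could not help: that option only limits what sshd accepts, and a client that never names rsa-sha2-256 in its request is still verified with SHA-1.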