[Bug 1978845] Re: gpg-agent on Ubuntu 18.04 does not support rsa-sha2-512 and rsa-sha2-256 signature algorithms for SSH

Colin Watson 1978845 at bugs.launchpad.net
Wed Jun 15 21:16:36 UTC 2022 

*** This bug is a duplicate of bug 1978851 ***
    https://bugs.launchpad.net/bugs/1978851

** Project changed: gnupg => gnupg2 (Ubuntu)

** This bug has been marked a duplicate of bug 1978851
   gpg-agent on Ubuntu 18.04 does not  support rsa-sha2-512 and rsa-sha2-256 signature algorithms for SSH

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1978845

Title:
  gpg-agent on Ubuntu 18.04 does not  support rsa-sha2-512 and rsa-
  sha2-256 signature algorithms for SSH

Status in gnupg2 package in Ubuntu:
  New

Bug description:
  On Ubuntu 18.04 with a Yubikey RSA key, we noticed SSH logins were
  failing when we switched our SSH server out from OpenSSH to a custom
  Golang SSH server.

  We noticed that gpg-agent v2.2.6 fixes this problem via
  https://github.com/gpg/gnupg/commit/80b775bdbb852aa4a80292c9357e5b1876110c00.
  We highly recommend Ubuntu 18.04 either backport this patch or upgrade
  to v2.2.6.

  As described in https://github.com/golang/go/issues/53391, a SSH
  client initiates a session via a SSH_MSG_USERAUTH_REQUEST message:

  ```
       byte      SSH_MSG_USERAUTH_REQUEST
       string    user name
       string    service name
       string    "publickey"
       boolean   TRUE
       string    "rsa-sha2-512"     <--- 1 - Public key algorithm name (algo) (https://datatracker.ietf.org/doc/html/rfc4252#page-8)
       string    public key blob:
           string    "ssh-rsa"      <--- 2 - Public key type (pubKey.Type())
           mpint     e
           mpint     n
       string    signature:
           string    "rsa-sha2-512" <--- 3 - Signature format (sig.Format)
           string    rsa_signature_blob
  ```

  If a SSH server mandates that 1 and 3 match, the login will fail.
  OpenSSH is a bit more relaxed here in that as long as 1 is either
  `ssh-rsa`, `rsa-sha2-256`, or `rsa-sha2-512`, the signature
  verification is still allowed to proceed.

  This problem occurs because while OpenSSH v7.6 supports these new
  algorithms, gpg-agent doesn't know about them, so it just passes along
  `ssh-rsa` in 1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1978845/+subscriptions

More information about the foundations-bugs mailing list