[Bug 1978851] Re: gpg-agent on Ubuntu 18.04 does not support rsa-sha2-512 and rsa-sha2-256 signature algorithms for SSH
Stan Hu
1978851 at bugs.launchpad.net
Wed Jun 15 21:35:30 UTC 2022
** Description changed:
On Ubuntu 18.04 with a Yubikey RSA key, we noticed SSH logins were
failing when we switched our SSH server out from OpenSSH to a custom
Golang SSH server.
We noticed that gpg-agent v2.2.6 fixes this problem via
https://github.com/gpg/gnupg/commit/80b775bdbb852aa4a80292c9357e5b1876110c00.
We highly recommend Ubuntu 18.04 either backport this patch or upgrade
to v2.2.6.
As described in https://github.com/golang/go/issues/53391, a SSH client
initiates a session via a SSH_MSG_USERAUTH_REQUEST message:
```
- byte SSH_MSG_USERAUTH_REQUEST
- string user name
- string service name
- string "publickey"
- boolean TRUE
- string "rsa-sha2-512" <--- 1 - Public key algorithm name (algo) (https://datatracker.ietf.org/doc/html/rfc4252#page-8)
- string public key blob:
- string "ssh-rsa" <--- 2 - Public key type (pubKey.Type())
- mpint e
- mpint n
- string signature:
- string "rsa-sha2-512" <--- 3 - Signature format (sig.Format)
- string rsa_signature_blob
+ byte SSH_MSG_USERAUTH_REQUEST
+ string user name
+ string service name
+ string "publickey"
+ boolean TRUE
+ string "rsa-sha2-512" <--- 1 - Public key algorithm name (algo) (https://datatracker.ietf.org/doc/html/rfc4252#page-8)
+ string public key blob:
+ string "ssh-rsa" <--- 2 - Public key type (pubKey.Type())
+ mpint e
+ mpint n
+ string signature:
+ string "rsa-sha2-512" <--- 3 - Signature format (sig.Format)
+ string rsa_signature_blob
```
If a SSH server mandates that 1 and 3 match, the login will fail.
- OpenSSH is a bit more relaxed here in that as long as 1 is either `ssh-
+ OpenSSH is a bit more relaxed here in that as long as 3 is either `ssh-
rsa`, `rsa-sha2-256`, or `rsa-sha2-512`, the signature verification is
still allowed to proceed.
This problem occurs because while OpenSSH v7.6 supports these new
algorithms, gpg-agent doesn't know about them, so it just passes along
- `ssh-rsa` in 1.
+ `ssh-rsa` in 3.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1978851
Title:
gpg-agent on Ubuntu 18.04 does not support rsa-sha2-512 and rsa-
sha2-256 signature algorithms for SSH
Status in gnupg2 package in Ubuntu:
New
Bug description:
On Ubuntu 18.04 with a Yubikey RSA key, we noticed SSH logins were
failing when we switched our SSH server out from OpenSSH to a custom
Golang SSH server.
We noticed that gpg-agent v2.2.6 fixes this problem via
https://github.com/gpg/gnupg/commit/80b775bdbb852aa4a80292c9357e5b1876110c00.
We highly recommend Ubuntu 18.04 either backport this patch or upgrade
to v2.2.6.
As described in https://github.com/golang/go/issues/53391, a SSH
client initiates a session via a SSH_MSG_USERAUTH_REQUEST message:
```
byte SSH_MSG_USERAUTH_REQUEST
string user name
string service name
string "publickey"
boolean TRUE
string "rsa-sha2-512" <--- 1 - Public key algorithm name (algo) (https://datatracker.ietf.org/doc/html/rfc4252#page-8)
string public key blob:
string "ssh-rsa" <--- 2 - Public key type (pubKey.Type())
mpint e
mpint n
string signature:
string "rsa-sha2-512" <--- 3 - Signature format (sig.Format)
string rsa_signature_blob
```
If a SSH server mandates that 1 and 3 match, the login will fail.
OpenSSH is a bit more relaxed here in that as long as 3 is either
`ssh-rsa`, `rsa-sha2-256`, or `rsa-sha2-512`, the signature
verification is still allowed to proceed.
This problem occurs because while OpenSSH v7.6 supports these new
algorithms, gpg-agent doesn't know about them, so it just passes along
`ssh-rsa` in 3.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1978851/+subscriptions
More information about the foundations-bugs
mailing list