[ssh_x509] empty x509v3-ecdsa-sha2-nistp256 key?

ssh_x509 at roumenpetrov.info
Sat Nov 12 11:55:16 EET 2016


Hi Roumen,

I'm at another IETF hackathon trying to debug the issue we discussed 
back in May.  I think I've narrowed it down to PKIX-SSH not sending 
elliptical keys correctly (but I could be wrong, as I'm having an issue 
setting breakpoints on the `sshd` process).   Anyway, I could really use 
your help on this.  Tomorrow is the second day of the hackathon, but no 
worries if you're busy.

Thanks,
Kent



Here's the error I see in Maverick SSH (recall, I'm using a Java-based 
SSH client):

     com.maverick.ssh.SshException: Public key blob is not a \
     x509v3-ecdsa-sha2-nistp256 formatted key [] [Unknown cause]

Note that the developer of Maverick SSH modified the exception to 
output the key between the brackets.  He says that the "[]" means no key 
was sent.



Here's the `sshd` debug3 output:

     debug2: load_server_config: filename .config-mgr.sshd_config_file
     debug2: load_server_config: done config len = 301
     debug2: parse_server_config: config .config-mgr.sshd_config_file len 301
     debug3: .config-mgr.sshd_config_file:1 setting UsePAM yes
     debug3: .config-mgr.sshd_config_file:2 setting UsePrivilegeSeparation no
     debug3: .config-mgr.sshd_config_file:3 setting ClientAliveInterval 10
     debug3: .config-mgr.sshd_config_file:4 setting ClientAliveCountMax 2
     debug3: .config-mgr.sshd_config_file:5 setting Subsystem netconf /Users/kwatsen/Juniper/version-control-servers/github/juniper/netconf-call-home/network-element/netconfd
     debug3: .config-mgr.sshd_config_file:6 setting HostKey ssh_hostkey.pem
     debug3: .config-mgr.sshd_config_file:7 setting X509KeyAlgorithm x509v3-ecdsa-sha2-nistp256,sha256,ecdsa-sha2-nistp256
     debug2: hash dir '/usr/local/pkixssh-9.2/etc/ca/crt' added to x509 store
     debug2: hash dir '/usr/local/pkixssh-9.2/etc/ca/crl' added to x509 revocation store
     debug1: ssh_set_validator: ignore responder url
     debug1: sshd version OpenSSH_7.3, OpenSSL 0.9.8zg 14 July 2015
     debug1: read PEM private key begin
     debug1: read X.509 certificate begin
     debug1: read X.509 certificate done: type ECDSA+cert
     debug3: sshkey_load_public() filename=/Users/kwatsen/Juniper/version-control-servers/github/juniper/netconf-call-home/network-element/ssh_hostkey.pem
     debug1: key_load_public: No such file or directory
     debug1: private host key #0: x509v3-ecdsa-sha2-nistp256 SHA256:8xH5gtDLyUUZTmbOea9WRw3TqW/pwOkBA0afk2g4U2Q
     debug1: inetd sockets after dupping: 4, 5
     Connection from ::1 port 7777 on ::1 port 52385
     debug1: Client protocol version 2.0; client software version maverick_legacy_1.6.24
     debug1: no match: maverick_legacy_1.6.24
     debug1: Enabling compatibility mode for protocol 2.0
     debug1: Local version string SSH-2.0-OpenSSH_7.3 PKIX
     debug2: fd 4 setting O_NONBLOCK
     debug3: fd 5 is O_NONBLOCK
     debug1: list_hostkey_types: x509v3-ecdsa-sha2-nistp256
     debug3: send packet: type 20
     debug1: SSH2_MSG_KEXINIT sent
     debug3: receive packet: type 20
     debug1: SSH2_MSG_KEXINIT received
     debug2: local server KEXINIT proposal
     debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
     debug2: host key algorithms: x509v3-ecdsa-sha2-nistp256
     debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
     debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
     debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
     debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
     debug2: compression ctos: none,zlib@openssh.com
     debug2: compression stoc: none,zlib@openssh.com
     debug2: languages ctos:
     debug2: languages stoc:
     debug2: first_kex_follows 0
     debug2: reserved 0
     debug2: peer client KEXINIT proposal
     debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
     debug2: host key algorithms: ecdsa-sha2-nistp256,ssh-dss,ssh-rsa,x509v3-sign-rsa,x509v3-sign-dss,x509v3-sign-rsa-sha1,x509v3-ssh-rsa,x509v3-ssh-dss,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,x509v3-rsa2048-sha256
     debug2: ciphers ctos: aes128-ctr,3des-ctr,3des-cbc,blowfish-cbc,aes128-cbc,arcfour,arcfour128
     debug2: ciphers stoc: aes128-ctr,3des-ctr,3des-cbc,blowfish-cbc,aes128-cbc,arcfour,arcfour128
     debug2: MACs ctos: hmac-sha2-256,hmac-md5,hmac-md5-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-md5-96,hmac-sha1-96,hmac-sha256,hmac-sha256@ssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256-96,hmac-sha512,hmac-sha2-512,hmac-sha512@ssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-512-96
     debug2: MACs stoc: hmac-sha2-256,hmac-md5,hmac-md5-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-md5-96,hmac-sha1-96,hmac-sha256,hmac-sha256@ssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256-96,hmac-sha512,hmac-sha2-512,hmac-sha512@ssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-512-96
     debug2: compression ctos: none,zlib,zlib@openssh.com
     debug2: compression stoc: none,zlib,zlib@openssh.com
     debug2: languages ctos:
     debug2: languages stoc:
     debug2: first_kex_follows 0
     debug2: reserved 0
     debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
     debug1: kex: host key algorithm: x509v3-ecdsa-sha2-nistp256
     debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
     debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
     debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST
     debug3: receive packet: type 34
     debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
     debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
     debug3: send packet: type 31
     debug2: bits set: 1017/2048
     debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
     debug3: receive packet: type 32
     debug2: bits set: 1001/2048
     debug3: ssh_x509_sign: key_type=ECDSA+cert, key_ssh_name=x509v3-ecdsa-sha2-nistp256
     debug3: ssh_x509_sign: alg=x509v3-ecdsa-sha2-nistp256, md=sha256
     debug3: ssh_x509_EVP_PKEY_sign: keylen=72, siglen=71
     debug3: ssh_x509_sign: signame=ecdsa-sha2-nistp256
     debug3: ssh_x509_sign: return 0
     debug3: send packet: type 33
     debug3: send packet: type 21
     debug2: set_newkeys: mode 1
     debug1: rekey after 4294967296 blocks
     debug1: SSH2_MSG_NEWKEYS sent
     debug1: expecting SSH2_MSG_NEWKEYS

The `sshd` process hangs here, waiting for the Java-based SSH client to 
respond, which never happens since it threw the exception mentioned above.




My SSH config file looks like this:

     UsePAM yes
     UsePrivilegeSeparation no
     ClientAliveInterval 10
     ClientAliveCountMax 2
     HostKey ssh_hostkey.pem
     X509KeyAlgorithm x509v3-ecdsa-sha2-nistp256,sha256,ecdsa-sha2-nistp256



My "ssh_hostkey.pem" file looks like this:




The EC PRIVATE KEY is decoded as follows:

     Private-Key: (256 bit)
     priv:
         3c:8e:1c:1b:00:0a:23:39:59:eb:ba:bd:1f:81:e7:
         26:c4:ed:37:8b:5d:77:8e:24:c2:b6:89:6e:1a:0b:
         5f:08
     pub:
         04:5b:35:da:4f:6f:48:74:03:f6:02:77:cd:b4:95:
         e7:ae:c6:b0:e2:da:7a:59:ec:9e:53:0f:90:f7:5a:
         ed:06:a0:f1:b4:de:df:5a:39:50:3b:6e:ad:35:2c:
         8f:e0:1b:ca:b4:fe:66:87:64:ef:6c:8f:62:71:08:
         87:aa:b8:fb:47
     ASN1 OID: prime256v1



The CERTIFICATE is decoded as follows:

     Certificate:
         Data:
             Version: 3 (0x2)
             Serial Number: 1 (0x1)
             Signature Algorithm: ecdsa-with-SHA1
             Issuer: O=Example Inc, OU=Issuance Team, CN=Device Signing Root CA/emailAddress=ca@example.com
             Validity
                 Not Before: Nov 12 08:09:15 2016 GMT
                 Not After : Nov 12 08:09:15 2017 GMT
             Subject: O=Example Inc, OU=Issuance Team, CN=ABCDEF11111
             Subject Public Key Info:
                 Public Key Algorithm: id-ecPublicKey
                 EC Public Key:
                     pub:
                         04:5b:35:da:4f:6f:48:74:03:f6:02:77:cd:b4:95:
                         e7:ae:c6:b0:e2:da:7a:59:ec:9e:53:0f:90:f7:5a:
                         ed:06:a0:f1:b4:de:df:5a:39:50:3b:6e:ad:35:2c:
                         8f:e0:1b:ca:b4:fe:66:87:64:ef:6c:8f:62:71:08:
                         87:aa:b8:fb:47
                     ASN1 OID: prime256v1
             X509v3 extensions:
                 X509v3 Basic Constraints:
                     CA:FALSE
                 X509v3 Subject Key Identifier:
                     2D:66:B1:D2:A5:EC:14:0B:4E:D5:3C:61:1E:E6:02:C8:53:E7:82:22
                 X509v3 Authority Key Identifier:
                     keyid:3A:76:E1:6D:C2:9B:69:48:6B:7E:D3:13:46:21:D0:C7:E4:97:1A:23
                     DirName:/O=Example Inc/OU=Issuance Team/CN=Device Signing Root CA/emailAddress=ca@example.com
                     serial:9B:5E:BD:6B:97:6A:D9:F1
                 Netscape CA Revocation Url:
                     https://www.example.com/example-ca-crl.pem
         Signature Algorithm: ecdsa-with-SHA1
             30:45:02:21:00:80:1c:03:53:50:80:14:27:93:68:b0:4c:22:
             61:24:2b:e9:c2:bd:4e:bb:c6:54:a3:5d:f8:c7:57:c9:e7:0c:
             dd:02:20:3c:6f:07:88:a8:b6:3c:9a:f4:a3:02:43:b4:07:a0:
             9e:54:22:11:fa:ad:94:01:f7:84:3d:ec:9b:f6:50:4c:b5




Am I doing something wrong, or is there a bug in PKIX-SSH?

Thanks again,
Kent
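For anyone chasing the same symptom, here is an added example (not from the original post, nor from PKIX-SSH or Maverick) that encodes and decodes an RFC 6187 `x509v3-*` public key blob and reports the empty-blob case that Maverick surfaced as `[]`. `FAKE_CERT` is a constructed stand-in for the DER certificate bytes, and the parsing functions are hypothetical helpers, not any project's API.

```python
import struct

# Constructed placeholder for a DER certificate: SEQUENCE header + one INTEGER.
FAKE_CERT = bytes([0x30, 0x03, 0x02, 0x01, 0x01])

def _read_uint32(buf: bytes, off: int):
    if off + 4 > len(buf):
        raise ValueError("truncated uint32 at offset %d" % off)
    return struct.unpack(">I", buf[off:off + 4])[0], off + 4

def _read_string(buf: bytes, off: int):
    n, off = _read_uint32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated string at offset %d" % off)
    return buf[off:off + n], off + n

def _string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def encode_x509v3_blob(alg: str, certs, ocsp=()) -> bytes:
    # RFC 6187 layout: string name, uint32 count, certs, uint32 count, OCSP responses
    out = _string(alg.encode()) + struct.pack(">I", len(certs))
    out += b"".join(_string(c) for c in certs)
    out += struct.pack(">I", len(ocsp)) + b"".join(_string(o) for o in ocsp)
    return out

def parse_x509v3_blob(blob: bytes, expected_alg: str) -> dict:
    """Decode a blob; ValueError for the empty, mismatched or truncated cases."""
    if not blob:
        raise ValueError("empty public key blob: server sent no key")
    alg, off = _read_string(blob, 0)
    if alg != expected_alg.encode():
        raise ValueError("algorithm name %r != %r" % (alg, expected_alg))
    count, off = _read_uint32(blob, off)
    if count < 1:
        raise ValueError("certificate-count must be at least 1")
    certs = []
    for _ in range(count):
        cert, off = _read_string(blob, off)
        if not cert or cert[0] != 0x30:  # every X.509 cert is a DER SEQUENCE
            raise ValueError("certificate %d is not DER-encoded" % len(certs))
        certs.append(cert)
    ocount, off = _read_uint32(blob, off)
    ocsp = []
    for _ in range(ocount):
        resp, off = _read_string(blob, off)
        ocsp.append(resp)
    if off != len(blob):
        raise ValueError("%d trailing bytes after blob" % (len(blob) - off))
    return {"alg": expected_alg, "certs": certs, "ocsp": ocsp}
```

Feeding the blob a client actually received into `parse_x509v3_blob` distinguishes "no key sent" from "key sent under a different algorithm name" or "truncated certificate", which the Maverick exception text alone does not.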







