[ssh_x509] Host key verification failure

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon May 8 22:05:39 EEST 2017


Hello,

Simple as it may sound, I have been struggling with Host key verification failure with patches X509-10.0 and X509-10.1.1.  The SSH connection inconsistently fails due to host key verification failure with x509v3-sign-rsa and x509v3-ssh-rsa algorithms.

I've been struggling with this issue for over a week trying to identify a root-cause to no avail. This behavior is observed with baseline code where the only variable is a new patch.

Below are my known_hosts and authorized_key files that have been working solid up until we installed X509-10.0/X509-10.1.1 patch to get support for x509v3-ssh-rsa algorithm(RFC 6187).

Known_hosts(neither of the format works)
----------------
X208 x509v3-sign-rsa subject= CN=x208,OU=UK R&D,O=Cisco,L=Ruscombe,ST=Berkshire,C=GB
10.50.157.208  x509v3-sign-rsa subject= CN=x208,OU=UK R&D,O=Cisco,L=Ruscombe,ST=Berkshire,C=GB
X208, 10.50.157.208  x509v3-sign-rsa subject= CN=x208,OU=UK R&D,O=Cisco,L=Ruscombe,ST=Berkshire,C=GB


Authorized_keys
--------------------
x509v3-sign-rsa subject= CN=x201,OU=UK R&D,O=Cisco,L=Ruscombe,ST=Berkshire,C=GB

sshd_config
------------
Protocol 2
# Logging
SyslogFacility AUTH
LogLevel INFO
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreUserKnownHosts no
IgnoreRhosts yes
# No password authentication.   We use certificates
PasswordAuthentication no
PermitEmptyPasswords no
# Lock down to a strong cipher and MAC
MACs hmac-sha2-512
Ciphers aes256-ctr
KexAlgorithms ecdh-sha2-nistp384
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PrintMotd no # printed by PAM
PrintLastLog no
TCPKeepAlive no
ClientAliveInterval 30
ClientAliveCountMax 3
UsePrivilegeSeparation yes
Compression no
PidFile /var/run/portforward/sshd.pid
MaxStartups 16
LoginGraceTime 30
MaxAuthTries 2
HostbasedAuthentication no
RhostsRSAAuthentication no
PermitTTY no
StrictModes yes
AllowedCertPurpose sslclient
HostKey /tandberg/persistent/certs/server-ssh.pem
CACertificateFile /tandberg/persistent/certs/ca.pem
KeyAllowSelfIssued no
PubkeyAlgorithms x509v3-sign-rsa
X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
AllowGroups _pfwd pfwd
AllowUsers _pfwd pfwd
ChallengeResponseAuthentication no
Match User _pfwd
AllowTcpForwarding yes
Match User pfwd
AllowTcpForwarding yes


ssh_config
------------
AllowedCertPurpose sslserver
IdentityFile /tandberg/persistent/certs/server-ssh.pem
UserCACertificateFile /tandberg/persistent/certs/ca.pem
ExitOnForwardFailure yes
TCPKeepAlive no
ServerAliveInterval 30
ServerAliveCountMax 3
StrictHostKeyChecking yes
BatchMode yes
ConnectionAttempts 3
ConnectTimeout 10
ForwardX11 no
HostbasedAuthentication no
KbdInteractiveAuthentication no
PasswordAuthentication no
RhostsRSAAuthentication no
IdentitiesOnly yes
Protocol 2


Debug output of SSH connection:

ssh -F /tandberg/portforward/ssh_config -vvv _pfwd at 10.50.157.208 -p 2222:

/tandberg/portforward/ssh_config line 16: Unsupported option "rhostsrsaauthentication"
debug2: hash dir '/tandberg/.ssh/crt' added to x509 store
debug2: file '/tandberg/persistent/certs/ca.pem' added to x509 store
debug2: hash dir '/tandberg/.ssh/crl' added to x509 revocation store
debug2: hash dir '/etc/ssh/ca/crt' added to x509 store
debug2: hash dir '/etc/ssh/ca/crl' added to x509 revocation store
debug2: resolving "10.50.157.208" port 2222
debug2: ssh_connect_direct: needpriv 0
debug2: fd 4 setting O_NONBLOCK
debug3: timeout: 10000 ms remain after connect
debug3: sshkey_load_public() filename=/tandberg/persistent/certs/server-ssh.pem
debug3: sshkey_load_public() filename=/tandberg/persistent/certs/server-ssh.pem-cert
debug2: fd 4 setting O_NONBLOCK
debug3: send packet: type 20
debug3: receive packet: type 20
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,x509v3-sign-rsa,x509v3-ssh-rsa,x509v3-sign-dss,x509v3-ssh-dss,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss
debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib at openssh.com,zlib
debug2: compression stoc: none,zlib at openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp384
debug2: host key algorithms: x509v3-sign-rsa
debug2: ciphers ctos: aes256-ctr
debug2: ciphers stoc: aes256-ctr
debug2: MACs ctos: hmac-sha2-512
debug2: MACs stoc: hmac-sha2-512
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: send packet: type 30
debug3: receive packet: type 31
debug3: Xkey_from_blob() pkalg='x509v3-sign-rsa', blen=1344
debug3: x509_to_key: X509_get_pubkey done!
debug3: put_host_port: [10.50.157.208]:2222
debug3: put_host_port: [10.50.157.208]:2222
No RSA+cert host key is known for [10.50.157.208]:2222 and you have requested strict checking.
Host key verification failed.


Any insight into this issue will be great appreciated.

Thank you
Devaki Chokshi



More information about the ssh_x509 mailing list