[ssh_x509] x509v3-ssh-rsa not working when server disable x509v3-rsa2048-sha256

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Wed Oct 6 15:35:56 EEST 2021


Hi,

I am adding support to RFC6187 algorithms in my SSH server. We already
supported the x509v3-sign-rsa and x509v3-sign-dss. Just adding support
for RFC 6187 algorithms.

I use pkixssh-13.1 as SSH client. I use the same user certificate
which we used earlier for the x5093-sign-rsa case. I see it works
good, by first choosing x509v3-rsa2048-sha256. But when i disable the
'x509v3-rsa2048-sha256' in server side, i was expecting, the
'x509v3-ssh-rsa' will be chosen and should work good. But i see it is
failing in client side itself:

Here is the SSH server side config on pubkeyaccepted: Have removed the
'x509v3-rsa2048-sha256'

PubkeyAcceptedKeyTypes
x509v3-ssh-rsa,x509v3-ssh-dss,x509v3-sign-rsa,x509v3-sign-dss,ssh-rsa,

Client is pkixssh-13.1. I see below error in client when trying to
establish ssh-x509 connection:

(snip)

Offering public key: 'x509v3-ssh-rsa' /../shuserFile RSA+cert
SHA256:tXthQIyQ4DwEKbhcSMVQQwitvle9gsFMR8mlsELbSXI explicit
cannot build certificate chain, code=20, msg='unable to get local
issuer certificate'
X.509 certificate chain is not set. Remote host may refuse key.
debug2: we sent a publickey packet, wait for reply
X509key_from_blob2: public-key algorithm mismatch: expected
x509v3-ssh-rsa extracted x509v3-rsa2048-sha256
debug1: no key from blob. pkalg x509v3-ssh-rsa - key type does not match
ssh_dispatch_run_fatal: Connection to 10.127.2.19 port 22: key type
does not match

(snip)

I see the ssh_xkalg_keyfrmind always returns the first base type
match. In that case it is always x509v3-rsa2048-sha256. Therefore it
mismatches with the given type x509-ssh-rsa.

I also did below experiments and see following behavior.

Case-1: When i removed the 'x509v3-rsa2048-sha256' - in client, by
commenting out below code in pkixssh client, it works by choosing
x509v3-ssh-rsa. But i am sure this is not the right way.

ssh-xkalg.c

        /* e- RFC6187 */
#ifdef HAVE_EVP_SHA256
//         if (ssh_add_x509key_alg("x509v3-rsa2048-sha256,rsa2048-sha256,rsa2048-sha256")
< 0)
//                fatal_f("oops");
#endif


Client:

Offering public key: 'x509v3-ssh-rsa' ../sshuserFile RSA+cert
SHA256:tXthQIyQ4DwEKbhcSMVQQwitvle9gsFMR8mlsELbSXI explicit
cannot build certificate chain, code=20, msg='unable to get local
issuer certificate'
X.509 certificate chain is not set. Remote host may refuse key.
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: 'x509v3-ssh-rsa' ../sshuserFile RSA+cert
SHA256:tXthQIyQ4DwEKbhcSMVQQwitvle9gsFMR8mlsELbSXI explicit
X.509 certificate chain is not set. Remote host may refuse key.
cannot build certificate chain, code=20, msg='unable to get local
issuer certificate'


Server:

PubkeyAcceptedKeyTypes
x509v3-rsa2048-sha256,x509v3-ssh-rsa,x509v3-ssh-dss,x509v3-sign-rsa,x509v3-sign-dss,ssh-rsa,


As can be seen, if x509v3-rsa2048-sha256 is not present in the
client's list, then x509v3-ssh-rsa is chosen and works good, for same
user cert.

Case-2: Default, x509v3-rsa2048-sha256 is chosen and works good.

Client:
Offering public key: 'x509v3-rsa2048-sha256' ../sshuserFile RSA+cert
SHA256:tXthQIyQ4DwEKbhcSMVQQwitvle9gsFMR8mlsELbSXI explicit
cannot build certificate chain, code=20, msg='unable to get local
issuer certificate'
X.509 certificate chain is not set. Remote host may refuse key.
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: 'x509v3-rsa2048-sha256' /../sshuserFile
RSA+cert SHA256:tXthQIyQ4DwEKbhcSMVQQwitvle9gsFMR8mlsELbSXI explicit
X.509 certificate chain is not set. Remote host may refuse key.
cannot build certificate chain, code=20, msg='unable to get local
issuer certificate'


Server:
PubkeyAcceptedKeyTypes
x509v3-rsa2048-sha256,x509v3-ssh-rsa,x509v3-ssh-dss,x509v3-sign-rsa,x509v3-sign-dss,ssh-rsa,

Case-3: When i disable both x509v3-rsa2048-sha256 and x509v3-ssh-rsa -
in server side, it all works good - by choosing x5093-sign-rsa - for
same user cert.

Client:

Offering public key: 'x509v3-sign-rsa' ../sshuserFile RSA+cert
SHA256:tXthQIyQ4DwEKbhcSMVQQwitvle9gsFMR8mlsELbSXI explicit
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: 'x509v3-sign-rsa' ../sshuserFile RSA+cert
SHA256:tXthQIyQ4DwEKbhcSMVQQwitvle9gsFMR8mlsELbSXI explicit
cannot build certificate chain, code=20, msg='unable to get local
issuer certificate'

Server:
PubkeyAcceptedKeyTypes x509v3-ssh-dss,x509v3-sign-rsa,x509v3-sign-dss,ssh-rsa,


So my query is - when i disable 'x509v3-rsa2048-sha256' in server side
- but client supports it - why it fails ? My expectation is
x509v3-ssh-rsa should be chosen and should work good.

Please share your valuable comments.

Thanks & Regards,
Murugesh
Thanks & Regards,
Murugesh



More information about the ssh_x509 mailing list