Presently, OpenSSH 7.8 (Fedora 28/Arch) is unable to negotiate with an OpenSSH 7.4 (CentOS 7) server utilizing a certificate-signed key, as described in a bug filed on Red Hat's Bugzilla. The OpenSSH release notes indicate a change: the signature negotiation algorithm must now be explicitly defined. While two new signature algorithms are now allowed (since 7.7), whether by bug or by intention, ssh-rsa-cert-v01@openssh.com user certificates are no longer able to be used for authentication.
Steps to Reproduce:
- ssh-keygen -t rsa -b 2048 -f test
- ssh-keygen -s cert.key -I "signedcert" -n testuser test.pub
- ssh -i test -vvv user@serverip
I am attempting to work around this issue by modifying the algorithm utilized in the certificate signing process.
ssh-keygen -L -f test.crt
test.crt:
Type: ssh-rsa-cert-v01@openssh.com user certificate
Public key: RSA-CERT SHA256:<fingerprint>
Signing CA: RSA SHA256:<fingerprint>
The default for ssh-keygen is to sign the key in ssh-rsa-cert-v01@openssh.com.
According to the OpenSSH 7.8 documentation (PROTOCOL.certkeys):
All certificate types include certification information along with the
public key that is used to sign challenges. In OpenSSH, ssh-keygen
performs the CA signing operation.
Certified keys are represented using new key types:
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
Two additional types exist for RSA certificates to force use of
SHA-2 signatures (SHA-256 and SHA-512 respectively):
rsa-sha2-256-cert-v01@openssh.com
rsa-sha2-512-cert-v01@openssh.com
This tells me there are 7 key types available; how do I specify one in the ssh-keygen certificate signing process?
Please Note:
- The following configuration change on client or server does not work for me:
  PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com
- Signing the key in ed25519 format is not backward compatible with servers running OpenSSH 5.3, such as CentOS 6, and thus will not be considered a solution.
Two solutions are possible here.
- Find a suitable workaround to allow ssh-rsa-cert-v01@openssh.com user certificates again.
- Find a way to change the certificate signing algorithm in ssh-keygen.
Update (1 day later):
According to a user on #openssh, the certificate signature algorithm is set by the key used to sign the private key. This means that if I can figure out how to change the RSA algorithm from RSA:SHA1 to RSA:SHA2, I might be able to force the certificate signing algorithm to be sha2-256, which is possible on both sides with an additional workaround.
Update (12 days later):
Watching the bug report submitted, there has been little progress made… or so it appeared.
I was able to have an informal conversation with a RHEL employee who took a look at my bug and stated that the right people are looking at it, and since this is also affecting RHEL, it will likely have a fix in RHEL/CentOS 7.6.
Best Answer
The linked article documents the following approach:
The key is the -t rsa-sha2-256 parameter.
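To check which signature algorithm a CA actually applied (whether -t rsa-sha2-256 took effect), here is an added example, not from the answer or from OpenSSH itself, that parses the ssh-rsa-cert-v01@openssh.com wire format quoted above from PROTOCOL.certkeys and reports the inner signature type; the certificate it inspects is a constructed dummy with placeholder key and signature bytes, not a real signed key.

```python
import base64
import struct

CERT_TYPE = "ssh-rsa-cert-v01@openssh.com"

def _get_string(buf, off):
    """Read one SSH 'string' (uint32 big-endian length + bytes) at offset off."""
    (n,) = struct.unpack(">I", buf[off:off + 4])   # struct.error if the blob is truncated
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def _put_string(b):
    return struct.pack(">I", len(b)) + b

def cert_signature_type(cert_line):
    """Return the inner signature algorithm of one *-cert.pub line ('ssh-rsa' = SHA-1,
    'rsa-sha2-256'/'rsa-sha2-512' = SHA-2). Inspects only; it does not verify the signature."""
    fields = cert_line.split()
    if len(fields) < 2 or fields[0] != CERT_TYPE:
        raise ValueError("expected a %s line" % CERT_TYPE)
    blob = base64.b64decode(fields[1])
    typ, off = _get_string(blob, 0)        # the key type is repeated inside the blob
    if typ != CERT_TYPE.encode():
        raise ValueError("blob type mismatch")
    for _ in range(3):                     # nonce, e, n
        _, off = _get_string(blob, off)
    off += 8 + 4                           # serial (uint64), type (uint32)
    for _ in range(2):                     # key id, valid principals
        _, off = _get_string(blob, off)
    off += 8 + 8                           # valid after, valid before (uint64 each)
    for _ in range(4):                     # critical options, extensions, reserved, signature key
        _, off = _get_string(blob, off)
    signature, _ = _get_string(blob, off)  # last field: string(sig-type) + string(sig-bytes)
    sig_type, _ = _get_string(signature, 0)
    return sig_type.decode()

def build_demo_cert(sig_type):
    """Constructed dummy certificate (placeholder e/n and signature bytes, never CA-signed)."""
    ca_pub = _put_string(b"ssh-rsa") + _put_string(b"\x01\x00\x01") + _put_string(b"\x00" + b"\xbb" * 256)
    body = b"".join([
        _put_string(CERT_TYPE.encode()), _put_string(b"\x00" * 32),              # type, nonce
        _put_string(b"\x01\x00\x01"), _put_string(b"\x00" + b"\xaa" * 256),       # e = 65537, dummy n
        struct.pack(">QI", 1, 1),                                                  # serial, type 1 = user
        _put_string(b"signedcert"), _put_string(_put_string(b"testuser")),         # key id, principals
        struct.pack(">QQ", 0, 0xFFFFFFFFFFFFFFFF),                                 # valid after / before
        _put_string(b""), _put_string(b""), _put_string(b""), _put_string(ca_pub),  # crit opts, ext, reserved, CA key
    ])
    sig = _put_string(sig_type.encode()) + _put_string(b"\xcc" * 256)             # signature: type + bytes
    return "%s %s testuser@client" % (CERT_TYPE, base64.b64encode(body + _put_string(sig)).decode())
```

Run cert_signature_type on the single line of a real test-cert.pub: the outer type stays ssh-rsa-cert-v01@openssh.com in both cases, and only this inner value shows whether the CA signed with ssh-rsa (SHA-1) or rsa-sha2-256.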