Important note for future FreeBSD base system OpenSSH update
Markus Falb
markus.falb at fasel.at
Sun Sep 12 14:02:56 UTC 2021
> On 09.09.2021, at 20:01, Ed Maste <emaste at freebsd.org> wrote:
>
> OpenSSH will disable the ssh-rsa signature scheme by default in the
> next release.
>
> ...
>
> To check whether a server is using the weak ssh-rsa public key
> algorithm, for host authentication, try to connect to it after
> removing the ssh-rsa algorithm from ssh(1)'s allowed list:
>
> ssh -oHostKeyAlgorithms=-ssh-rsa user at host
FWIW, some of us may already have dealt with that.
FIPS enabled RedHat Enterprise Linux (and probably other FIPS enabled
systems) means effectively no ssh-rsa signature available in the sshd.
I had that situation at the beginning of the year.
As mentioned, ssh-rsa signature algorithm will stop working, but
that does not automatically imply that every RSA key must be
changed to something other. The signature algorithm is not a
property that is inherent to the key.
That said, existing RSA keys were working fine for me (my openssh
client was rsa-sha2-256 and rsa-sha2-512 capable) but when I tested
with some popular windows clients (filezilla, putty) it failed
(apparently no rsa-sha2 algorithms available).
I found it interesting that mentioned clients were ecdsa
capable but did not support sha2 signatures with RSA keys.
Maybe the situation changed in the meantime to the better.
There are 3 scenarios:
1. both sides support rsa-sha2 signatures -> RSA keys still working
2. one side does not support sha2 signatures but does support other
key types -> you can change key type
3. one side does not support sha2 and no other key type -> you loose
A prominent candidate for 3. would be Cisco IOS
Best Regards, Markus
More information about the freebsd-security
mailing list