Important note for future FreeBSD base system OpenSSH update

Markus Falb markus.falb at fasel.at
Sun Sep 12 14:02:56 UTC 2021



> On 09.09.2021, at 20:01, Ed Maste <emaste at freebsd.org> wrote:
> 
> OpenSSH will disable the ssh-rsa signature scheme by default in the
> next release.
> 
> ...
> 
> To check whether a server is using the weak ssh-rsa public key
> algorithm, for host authentication, try to connect to it after
> removing the ssh-rsa algorithm from ssh(1)'s allowed list:
> 
>    ssh -oHostKeyAlgorithms=-ssh-rsa user at host

FWIW, some of us may already have dealt with that.
FIPS enabled RedHat Enterprise Linux (and probably other FIPS enabled
systems) means effectively no ssh-rsa signature available in the sshd.
I had that situation at the beginning of the year.

As mentioned, ssh-rsa signature algorithm will stop working, but
that does not automatically imply that every RSA key must be
changed to something other. The signature algorithm is not a
property that is inherent to the key.

That said, existing RSA keys were working fine for me (my openssh
client was rsa-sha2-256 and rsa-sha2-512 capable) but when I tested
with some popular windows clients (filezilla, putty) it failed
(apparently no rsa-sha2 algorithms available).

I found it interesting that mentioned clients were ecdsa
capable but did not support sha2 signatures with RSA keys.
Maybe the situation changed in the meantime to the better.

There are 3 scenarios:

1. both sides support rsa-sha2 signatures -> RSA keys still working

2. one side does not support sha2 signatures but does support other
key types -> you can change key type

3. one side does not support sha2 and no other key type -> you loose

A prominent candidate for 3. would be Cisco IOS

Best Regards, Markus


More information about the freebsd-security mailing list