login about faq

Tectia Client/Server 6.4.18 release notes contain the deprecation warning below concerning SHA1. How do I ensure a SHA2 algorithm can be used in algorithm negotiation between secure shell clients and secure shell servers?

Deprecation Warnings

Due to vulnerabilities discovered in the SHA-1 hashing algorithm, ssh-rsa (RSA/SHA1) algorithms shall be deprecated in future releases.

In future releases ssh-rsa (RSA/SHA1) will no longer be included in public-key-signature default values. It is recommended to start using SHA2 variants (e.g. rsa-sha2-256, ssh-rsa-sha256@ssh.com) for existing RSA keys.

Also in future releases, DSA SHA1 (ssh-dss) will no longer be included in public-key-signature default values. It is recommended to start using SHA2 variants (e.g. ssh-dss-sha256@ssh.com) for existing DSA keys and create additional RSA, ED25519, or ECDSA key(s) for better interoperability with third-party clients.

asked Mar 19 at 18:30

SSH%20KB's gravatar image

SSH KB ♦♦
509253251241

edited Mar 19 at 19:01


Since version 6.2 Tectia Client (and some 3rd party secure shell products that have implemented the *@ssh.com SHA2 algorithms) have been able to use SHA-2 variants when connecting to Tectia Servers. With OpenSSH full SHA2 compatibility requires Tectia Client/Server version 6.4.18 or above.

RSA KEYS

For example, if the Tectia Server has a RSA hostkey, and you have NOT configured hostkey algorithms in /etc/ssh2/ssh-server-config.xml, then after upgrade to Tectia Server 6.4.18 or above RFC 8308 compliant SHA2 variants are among the offered in algorithm negotiation. Tectia Server version 6.4.18 also includes the ssh-rsa (RSA SHA1) and Tectia ssh-rsa-sha256@ssh.com for compatibility with old clients.

rsa-sha2-256,rsa-sha2-512,ssh-rsa-sha256@ssh.com,ssh-rsa

The secure shell client effectively picks the first matching hostkey algorithm from this list that might be SHA1 ssh-rsa (the original secure shell RFC compliant RSA hostkey algorithm) depending on what is supported and what order is configured on the client-side.

For example, Tectia Client 6.4.18 by default prefers SHA2 rsa-sha2-512 as seen in the Algorithm_negotiation_success message.

sshg3 -v server_host

1002 Algorithm_negotiation_success, "kex_algorithm=diffie-hellman-group-exchange-sha256, 
hostkey_algorithm=rsa-sha2-512, cipher=crypticore128@ssh.com/crypticore128@ssh.com, mac=crypticore-mac@ssh.com/crypticore-mac@ssh.com, compression=none/none"

If you have already enforced SHA-2 on the server-side in /etc/ssh2/ssh-server-config.xml, you should add both rsa-sha2-256 and rsa-sha2-512 to the <connection> block after KEX methods, for example

<hostkey-algorithm name="rsa-sha2-256" />
<hostkey-algorithm name="rsa-sha2-512" />
<hostkey-algorithm name="ssh-rsa-sha256@ssh.com" />
<hostkey-algorithm name="ssh-rsa-sha512@ssh.com" />

If SHA2 is enforced, a client that only supports or is configured to use only SHA1 will fail to connect with error:

1001 Algorithm_negotiation_failure, Algorithm: Host key algorithm, 
Client algorithms: ssh-rsa,ssh-dss,
Server algorithms: rsa-sha2-256,rsa-sha2-512,ssh-rsa-sha256@ssh.com,ssh-rsa-sha512@ssh.com

On the client-side ensure that if hostkey algorithms have been configured, the Enabled Hostkey Algorithms include SHA2 algorithms in the order client should prefer them in user's ssh-broker-config.xml or system wide /etc/ssh2/ssh-broker-config.xml, for example:

<hostkey-algorithms>
  <hostkey-algorithm name="ssh-ed25519" />
  <hostkey-algorithm name="rsa-sha2-512" />
  <hostkey-algorithm name="rsa-sha2-256" />     
  <hostkey-algorithm name="ssh-rsa-sha512@ssh.com" />
  <hostkey-algorithm name="ssh-rsa-sha256@ssh.com" />
  <hostkey-algorithm name="ecdsa-sha2-nistp256" />
  <hostkey-algorithm name="ssh-dss-sha256@ssh.com" />
  <hostkey-algorithm name="x509v3-ecdsa-sha2-nistp256" />
  <hostkey-algorithm name="x509v3-sign-dss-sha256@ssh.com" />
  <hostkey-algorithm name="x509v3-sign-rsa-sha256@ssh.com" />
</hostkey-algorithms>

DSA KEYS

For example, if the Tectia Server has a DSA hostkey as the only hostkey, the Tectia Server 6.4.18 will by default offer both DSA SHA2 and SHA1 ssh-dss-sha256@ssh.com,ssh-dss in algorithm negotiation and Tectia Client 6.4.18 by default prefers SHA2 over SHA1.

1002 Algorithm_negotiation_success, "kex_algorithm=diffie-hellman-group-exchange-sha256,
hostkey_algorithm=ssh-dss-sha256@ssh.com, cipher=crypticore128@ssh.com/crypticore128@ssh.com, mac=crypticore-mac@ssh.com/crypticore-mac@ssh.com, compression=none/none"

If SHA2 is enforced on the server-side <hostkey-algorithm name="ssh-dss-sha256@ssh.com" /> in /etc/ssh2/ssh-server-config.xml, only Tectia Clients are able to connect and others fail either because they support only SHA1 or do not support DSA at all like OpenSSH since version 7.0.

1001 Algorithm_negotiation_failure, Algorithm: Host key algorithm, 
Client algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa, 
Server algorithms: ssh-dss-sha256@ssh.com,

It is recommended to create additional RSA, ED25519, or ECDSA key(s) for better interoperability with third-party clients. Note that Tectia Client's that already trusts a DSA hostkey for existing server, will continue to use DSA key in version 6.4.18 if server offers it even if the client prefers another hostkey for a first connection to an unknown server.

link

answered Mar 19 at 18:58

SSH%20KB's gravatar image

SSH KB ♦♦
509253251241

edited Mar 19 at 19:29

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×3
×2
×1
×1
×1

Asked: Mar 19 at 18:30

Seen: 68 times

Last updated: Mar 19 at 19:29

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.