
Bug#776844: openssh-client: OpenSSH Client appears to try user's keys in wrong order



Package: openssh-client
Version: 1:6.7p1-3
Severity: normal

Dear Maintainer,

In summary:

I think readconf.c is adding the default IdentityFiles items in the
wrong order; leading to RSA and DSA keys being preferred to elliptic keys.

Demonstration:

   * What led up to the situation?

I created a new ed25519 key (alongside my existing rsa key):

:; ls -l ~/.ssh/
total 32
-rw-r--r-- 1 jdamery jdamery 10844 Feb  2 08:12 authorized_keys
-rw------- 1 jdamery jdamery   411 Feb  2 08:12 id_ed25519
-rw-r--r-- 1 jdamery jdamery    96 Feb  2 08:12 id_ed25519.pub
-rw------- 1 jdamery jdamery  3243 Feb  2 08:11 id_rsa
-rw-r--r-- 1 jdamery jdamery   740 Feb  2 08:11 id_rsa.pub
-rw-r--r-- 1 jdamery jdamery  3514 Feb  2 08:48 known_hosts

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

:; ssh -vvX oklina

[...]
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/jdamery/.ssh/id_rsa (0x7f4c4b512ec0),
debug2: key: /home/jdamery/.ssh/id_dsa ((nil)),
debug2: key: /home/jdamery/.ssh/id_ecdsa ((nil)),
debug2: key: /home/jdamery/.ssh/id_ed25519 (0x7f4c4b513f20),
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jdamery/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 535
[...]

   * What was the outcome of this action?

ssh offered id_rsa ahead of id_ed25519

   * What outcome did you expect instead?

ssh offering id_ed25519 ahead of id_rsa

Cause of bug:

This behaviour occurs because in readconf.c fill_default_options() at
about line 1757:

                if (options->protocol & SSH_PROTO_2) {
                        add_identity_file(options, "~/",
                            _PATH_SSH_CLIENT_ID_RSA, 0);
                        add_identity_file(options, "~/",
                            _PATH_SSH_CLIENT_ID_DSA, 0);
#ifdef OPENSSL_HAS_ECC
                        add_identity_file(options, "~/",
                            _PATH_SSH_CLIENT_ID_ECDSA, 0);
#endif
                        add_identity_file(options, "~/",
                            _PATH_SSH_CLIENT_ID_ED25519, 0);
                }


Identity files are tried in order, meaning that RSA and DSA keys are
preferred over the (newer, and preferable) ECDSA and ED25519 keys.
In addition, subsequent identity files specified in ssh_config are
added after these four, so local configuration can't override
this behaviour without using non-default key file names.

Proposed solution:

Move the second two add_identity_file calls above the first two.

This however fails to fix the problem that local configuration can't
override the default order, which may require a new configuration
option to override the default.

Thanks,

J.

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openssh-client depends on:
ii  adduser           3.113+nmu3
ii  dpkg              1.17.21
ii  libc6             2.19-13
ii  libedit2          3.1-20140620-2
ii  libgssapi-krb5-2  1.12.1+dfsg-15
ii  libselinux1       2.3-2
ii  libssl1.0.0       1.0.1j-1
ii  passwd            1:4.2-3
ii  zlib1g            1:1.2.8.dfsg-2+b1

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.9-1

Versions of packages openssh-client suggests:
pn  keychain      <none>
pn  libpam-ssh    <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>

-- no debconf information
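The check a practitioner would want here, added as a worked example and not part of the bug report: a small POSIX sh script that parses `ssh -vv` debug output and reports, in try order, which identity files the client actually loaded (the `debug2: key:` lines with a non-nil pointer) and which key it offered first. The embedded sample is constructed from the debug lines quoted above; the function names and the `id_ed25519` preference are assumptions made for the example. Note that ssh writes its debug output to stderr, so a live run looks like `ssh -vv host true 2>&1`.

```shell
#!/bin/sh
# Added example, not from the bug report or the OpenSSH source.
# Parses `ssh -vv` output to show the identity try order and the first key offered.

# Constructed sample, copied from the debug output quoted in the report.
SAMPLE_DEBUG='debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/jdamery/.ssh/id_rsa (0x7f4c4b512ec0),
debug2: key: /home/jdamery/.ssh/id_dsa ((nil)),
debug2: key: /home/jdamery/.ssh/id_ecdsa ((nil)),
debug2: key: /home/jdamery/.ssh/id_ed25519 (0x7f4c4b513f20),
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jdamery/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 535'

# Print the identity files ssh actually loaded, one per line, in the order
# they will be tried. Files that did not exist show "((nil))" and are skipped.
loaded_identities() {
    printf '%s\n' "$1" |
        sed -n 's/^debug2: key: \([^ ]*\) (0x[0-9a-f]*),$/\1/p'
}

# Print the path of the first identity ssh offered to the server.
# The key type word (RSA, DSA, ECDSA, ED25519) is matched generically.
first_offered() {
    printf '%s\n' "$1" |
        sed -n 's/^debug1: Offering [A-Z0-9]* public key: //p' |
        head -n 1
}

# Return 0 when the first key offered has the preferred basename
# (e.g. id_ed25519), 1 otherwise. Assumed helper name for this example.
check_preferred_first() {
    preferred=$1
    debug=$2
    first=$(first_offered "$debug")
    [ "$(basename "$first")" = "$preferred" ]
}

# Stand-alone run against the constructed sample:
# live use would be: ssh -vv host true 2>&1 | ... with the same parsing.
if [ "${1:-}" = "--demo" ]; then
    echo "Identities loaded, in try order:"
    loaded_identities "$SAMPLE_DEBUG"
    echo "First key offered: $(first_offered "$SAMPLE_DEBUG")"
    if check_preferred_first id_ed25519 "$SAMPLE_DEBUG"; then
        echo "OK: id_ed25519 offered first"
    else
        echo "NOT OK: id_ed25519 was not offered first"
    fi
fi
```

Run with `sh script.sh --demo` to see the sample analysed; on the sample it lists id_rsa before id_ed25519 and reports that id_ed25519 was not offered first, which is exactly the behaviour the report describes. The same parsing applied to a live `ssh -vv` run is a quick way to confirm whether any local change (a reordered readconf.c, or explicit IdentityFile entries) has actually changed the offer order.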

