Bug#810546: openssh-client: hostkey verification fails checking/matching HostKeyAlgorithm; misreports offending HostKey

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#810546: openssh-client: hostkey verification fails checking/matching HostKeyAlgorithm; misreports offending HostKey
From: Arian Sanusi <debianbugs@semioptimal.net>
Date: Sat, 09 Jan 2016 19:18:00 +0100
Message-id: <[🔎] 145236348084.23715.4356199285228861592.reportbug@paqi.semioptimal.net>
Reply-to: Arian Sanusi <debianbugs@semioptimal.net>, 810546@bugs.debian.org

Package: openssh-client
Version: 1:7.1p1-5
Severity: normal

when connecting to a host A with entry in HostKeyAlgorithm-B-type HostKey in known_hosts and HostKey with Algorithm C!=B selected by client from A's offered pubkeys, ssh reports 

> ssh -o HostKeyAlgorithms=ssh-rsa ccczh.ch
> ...
> REMOTE HOST IDENTIFICATION HAS CHANGED!
> ...
> The fingerprint for the RSA key sent by the remote host is
> SHA256:BviBuxAuM8oiZQkw4xL128LRz/zfp0aozZK57t8MFxw.
> ...
> Offending ED25519 key in /home/arian-debian/.ssh/known_hosts:329

here B=ssh-ed25519, C=ssh-rsa
ssh checks wether the selected sent matches the known_hosts' pubkey, but fails to take HostKeyAlgorithm into account (Does not check for B==C).

As long as algorithm B is in the clients HostKeyAlgorithms, ssh should IMO use the known_host's pubkey (and maybe offer to insert the new prefered HostKey aquired over the authenticated channel into known_hosts)

In any case, the message displayed by ssh is wrong - A still offers an unchanged, known, and supported by HostKeyAlgorithms pubkey.

This hinders upgrade to better crypto when either hosts learn to support better crypto or HostKeyAlgorithms is changed to prefer or drop Algorithms 

this bug probably affects upstream, but I did not check therefor I did not set upstream tag

MWE:
ssh -o HostKeyAlgorithms=C localhost
with C!=B

#626864 may be a description of this bug (near-duplicate) but lacks reason

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openssh-client depends on:
ii  adduser           3.113+nmu3
ii  dpkg              1.18.4
ii  libc6             2.21-6
ii  libedit2          3.1-20150325-1+b1
ii  libgssapi-krb5-2  1.13.2+dfsg-4
ii  libselinux1       2.4-3
ii  libssl1.0.2       1.0.2e-1
ii  passwd            1:4.2-3.1
ii  zlib1g            1:1.2.8.dfsg-2+b1

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.9-1

Versions of packages openssh-client suggests:
pn  keychain      <none>
pn  libpam-ssh    <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>

-- no debconf information

Reply to:

Prev by Date: Bug#774711: recommendations for changing openssh defaults
Next by Date: openssh 1:7.1p1-6 MIGRATED to testing
Previous by thread: Bug#774711: recommendations for changing openssh defaults
Next by thread: openssh 1:7.1p1-6 MIGRATED to testing
Index(es):
- Date
- Thread