On Thu, Aug 01 2019, Colin Watson wrote: > This is the scenario explained in the entry in > /usr/share/doc/openssh-server/NEWS.Debian.gz for version 1:7.8p1-1, > which was reproduced from upstream's release notes for OpenSSH 7.8: > > * sshd(8): The semantics of PubkeyAcceptedKeyTypes and the similar > HostbasedAcceptedKeyTypes options have changed. These now > specify signature algorithms that are accepted for their > respective authentication mechanism, where previously they > specified accepted key types. This distinction matters when > using the RSA/SHA2 signature algorithms "rsa-sha2-256", > "rsa-sha2-512" and their certificate counterparts. > Configurations that override these options but omit these > algorithm names may cause unexpected authentication failures (no > action is required for configurations that accept the default for > these options). Oh shame on me - I thought I read the NEWS items (with apt-listchanges helpfully emailing them to me), but not carefully enough. Sorry for the bogus bug report. Long ago (during stretch) I adopted the OpenSSH certifcate/CA model: PubkeyAcceptedKeyTypes ssh-ed25519-cert-v01@openssh.com ...which I believe is SHA-256, yet the configuration was unaffected by the change in 7.8, otherwise I would've noticed a long while back on personal workstations running Debian testing. > I regret the inconvenience of the change, but given that it seems to > have been a deliberate change upstream (mentioned in their release > notes), I think it would be best to adapt to it. > > The debug output you quote is indeed a bit misleading (I think I'll > take that up with upstream), but there's a clue hiding in the > successful debug output: > > sshd[20199]: debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU [preauth] > > Note that the default for PubkeyAcceptedKeyTypes now ends with > "rsa-sha2-512,rsa-sha2-256,ssh-rsa" rather than just "ssh-rsa". > Therefore, things should work again if you set "PubkeyAcceptedKeyTypes > rsa-sha2-512,rsa-sha2-256,ssh-rsa". Let me know if that works? Yep it makes sense. BTW, if you take the debug output up with upstream, maybe also consider that there's no "ssh -Q key" or similar command that'll reveal the values that can be supplied to PubkeyAcceptedKeyTypes. $ ssh -Q key ssh-ed25519 ssh-ed25519-cert-v01@openssh.com ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com ...that's one of the first things I checked when dealing with the issue. Thanks for the clarification! -- Gerald Turner <gturner@unzane.com> Encrypted mail preferred! OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80 3858 EC94 2276 FDB8 716D
Attachment:
signature.asc
Description: PGP signature