1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd

    From Thomas Schmitt@21:1/5 to All on Fri May 31 21:00:01 2024
    Hi,

    i still have network access to a Debian 8 system, to which i logged in
    from Debian 11 via ssh and a ssh-rsa key. After the upgrade to Debian 12
    ssh fails with this public key authentication.
    The probably relevant messages from a run of ssh -vvv are:

    debug1: Offering public key: /home/.../.ssh/id_rsa RSA SHA256:...
    debug1: send_pubkey_test: no mutual signature algorithm

    To my luck, the old sshd already supports ssh-ed25519 and i was able to
    add the content of the Debian 12 id_ed25519.pub to the Debian 8 file .ssh/authorized_keys2 . Now ssh to the Debian 8 machine works again.


    But i find this error message "no mutual signature algorithm" strange.
    The Debian 12 ssh client is obviously willing to try ssh-rsa.
    The Debian 8 sshd accepted that key from Debian 11. Why not from 12 ?


    In
    https://www.openssh.com/releasenotes.html
    i find for 9.2 or older only a RequiredRSASize directive of which
    man sshd_config says the default is 1024.
    The ssh-rsa key was generated by Debian 10. man ssh-keygen of buster
    says the default of option -b with RSA was 2048.
    (Does anybody know how to analyze a key file in regard to such
    parameters ?)

    In the web i find the reverse problem, i.e. older machine cannot ssh to
    Debian 12, because ssh-rsa would now be disabled by default.


    Have a nice day :)

    Thomas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Michael =?utf-8?B?S2rDtnJsaW5n?=@21:1/5 to All on Fri May 31 22:30:01 2024
    On 31 May 2024 20:52 +0200, from [email protected] (Thomas Schmitt):
    The ssh-rsa key was generated by Debian 10. man ssh-keygen of buster
    says the default of option -b with RSA was 2048.
    (Does anybody know how to analyze a key file in regard to such
    parameters ?)

    $ ssh-keygen -l -f $pubkeyfile

    The first field of the output is the key length in bits (for RSA keys,
    this is the length of the modulus).

    --
    Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Thomas Schmitt@21:1/5 to All on Fri May 31 23:00:02 2024
    Hi,

    the following line in ~/.ssh/config did the trick:

    PubkeyAcceptedAlgorithms +ssh-rsa

    This lets ssh -v report:

    debug1: Offering public key: /home/.../.ssh/id_rsa RSA SHA256:...
    debug1: Server accepts key: /home/.../.ssh/id_rsa RSA SHA256:...
    Authenticated to ... ([...]:22) using "publickey".

    and leads to a shell session on the Debian 8 machine.

    So the mere message
    debug1: Offering public key: /home/.../.ssh/id_rsa RSA SHA256:...
    does not mean that RSA would be acceptable on the client side.
    It would be nice if the refusal message would be somewhat clearer than
    debug1: send_pubkey_test: no mutual signature algorithm


    I wrote:
    The ssh-rsa key was generated by Debian 10. man ssh-keygen of buster
    says the default of option -b with RSA was 2048.
    (Does anybody know how to analyze a key file in regard to such
    parameters ?)

    Michael Kjörling wrote:
    $ ssh-keygen -l -f $pubkeyfile

    Says "2048 SHA256:... ...@... (RSA)".
    (Now that i know the right option, i can suddenly see it in the man page.)


    Have a nice day :)

    Thomas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Thomas Schmitt@21:1/5 to Jeffrey Walton on Sat Jun 1 11:50:01 2024
    Hi,

    Jeffrey Walton wrote:
    If I am not mistaken, the problem you are experiencing is due to using RSA/SHA-1 on the old machine.

    Max Nikulin wrote:
    My reading of /usr/share/doc/openssh-client/NEWS.Debian.gz is that ssh-rsa means SHA1 while clients offers SHA256 for the same id_rsa key.

    Indeed NEWS.Debian.gz links
    PubkeyAcceptedAlgorithms +ssh-rsa
    to RSA/SHA1.
    This is the explanation why the message does not say that ssh-rsa is
    disabled and why the web is so unclear about the ssh-rsa hash algorithm.

    So the Debian 12 client really offered the RSA key but not in a way the
    Debian 8 server could handle.
    The ssh -v messages have a line

    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5

    (I wonder what the string "Debian-5" may mean. The Debian 12 machine has
    debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
    So "-5" is not the Debian version.
    )
    NEWS.Debian.gz says

    OpenSSH has supported RFC8332 RSA/SHA-256/512
    signatures since release 7.2 and existing ssh-rsa keys will
    automatically use the stronger algorithm where possible.

    So the Debian 8 sshd is too old for a better ssh-rsa handshake and the connection might have been highjacked since 2022 "for <USD$50K".


    ------------------------------------------------------------------------

    To my luck, this all is just for technical curiosity.

    Since the better reputed ssh-ed25519 key of the Debian 12 machine is
    accepted by the Debian 8 sshd, i will not use the ssh-rsa key anyways.
    After my experiments i commented out the line
    PubkeyAcceptedAlgorithms +ssh-rsa
    in ~/.ssh/config of the Debian 12 machine and verified that id_rsa now
    again is rejected with
    debug1: send_pubkey_test: no mutual signature algorithm


    Have a nice day :)

    Thomas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)