How to configure an OpenSSH server to use a legacy public key algorithm to authenticate itself to an SSH client

Configure an OpenSSH server to offer a legacy public key algorithm when it authenticates itself to an SSH client.

Operating system version.

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04 LTS
Release:	22.04
Codename:	jammy

SSHD package version.

$ ssh -V
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022

Try to connect using an older SSH client and observe the sshd log. The host key negotiation fails.

[...]
May 31 22:22:44 IdeaCentre sshd[33980]: debug1: Forked child 34086.
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: Set /proc/self/oom_score_adj to 0
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: inetd sockets after dupping: 4, 4
May 31 22:22:44 IdeaCentre sshd[34086]: Connection from 172.16.151.114 port 49966 on 172.16.151.200 port 22 rdomain ""
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: Remote protocol version 2.0, remote software version SSHJ_0.0.0_no.git
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: compat_banner: no match: SSHJ_0.0.0_no.git
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: permanently_set_uid: 128/65534 [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: SSH2_MSG_KEXINIT sent [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: SSH2_MSG_KEXINIT received [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: kex: host key algorithm: (no match) [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: Unable to negotiate with 172.16.151.114 port 49966: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: do_cleanup [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: monitor_read_log: child log fd closed
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: do_cleanup
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: Killing privsep child 34087
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: audit_event: unhandled event 12
[...]

Display the host key algorithms that the SSH server offers to authenticate itself to an SSH client.

$ sudo sshd -T | grep -i ^HostkeyAlgorithms
hostkeyalgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256

The client offers only the ssh-rsa and ssh-dss public key algorithms for authenticating the SSH server, but both are disabled on this server.

OpenSSH 7.0 disabled the ssh-dss public key algorithm by default.

[...]

Potentially-incompatible Changes
--------------------------------

[...]
 * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
   by default at run-time. These may be re-enabled using the
   instructions at http://www.openssh.com/legacy.html

[...]

New Features
------------

[...]

 * sshd_config(5): add HostKeyAlgorithms option to control which
   public key types are offered for host authentications.

 * ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms,
   HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes
   options to allow appending to the default set of algorithms
   instead of replacing it. Options may now be prefixed with a '+'
   to append to the default, e.g. "HostKeyAlgorithms=+ssh-dss".

[...]

OpenSSH 8.8 disabled the ssh-rsa public key algorithm (RSA signatures using SHA-1) by default.

[...]

Potentially-incompatible changes
================================

This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]

For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.

Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:

    Host old-host
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa

We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

[...]

This is not a security best practice, but you can temporarily allow the legacy ssh-rsa algorithm to be used to authenticate the SSH server.

$ sudo tee /etc/ssh/sshd_config.d/legacy.conf <<EOF
HostkeyAlgorithms +ssh-rsa
EOF

Restart the SSH server.

$ sudo systemctl restart sshd

Try to connect using the older SSH client again and observe the sshd log.

May 31 23:23:01 IdeaCentre sshd[41414]: debug1: Forked child 41449.
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: Set /proc/self/oom_score_adj to 0
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: inetd sockets after dupping: 4, 4
May 31 23:23:01 IdeaCentre sshd[41449]: Connection from 172.16.151.114 port 50006 on 172.16.151.200 port 22 rdomain ""
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: Remote protocol version 2.0, remote software version SSHJ_0.0.0_no.git
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: compat_banner: no match: SSHJ_0.0.0_no.git
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: permanently_set_uid: 128/65534 [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_KEXINIT sent [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_KEXINIT received [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: kex: host key algorithm: ssh-rsa [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_KEX_DH_GEX_INIT received [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: rekey out after 4294967296 blocks [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_NEWKEYS received [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: rekey in after 4294967296 blocks [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: KEX done [preauth]
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: userauth-request for user milosz service ssh-connection method password [preauth]
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: attempt 0 failures 0 [preauth]
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: PAM: initializing for "milosz"
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: PAM: setting PAM_RHOST to "172.16.151.114"
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: PAM: setting PAM_TTY to "ssh"
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: PAM: password authentication accepted for milosz
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: do_pam_account: called
May 31 23:23:09 IdeaCentre sshd[41449]: Accepted password for milosz from 172.16.151.114 port 50006 ssh2
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: monitor_child_preauth: user milosz authenticated by privileged process
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: monitor_read_log: child log fd closed
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: PAM: establishing credentials
May 31 23:23:09 IdeaCentre sshd[41449]: pam_unix(sshd:session): session opened for user milosz(uid=1000) by (uid=0)
May 31 23:23:09 IdeaCentre systemd-logind[868]: New session 19 of user milosz.
May 31 23:23:09 IdeaCentre sshd[41449]: User child is on pid 41538
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: SELinux support disabled
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: PAM: establishing credentials
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: permanently_set_uid: 1000/1000
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: rekey in after 4294967296 blocks
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: rekey out after 4294967296 blocks
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: ssh_packet_set_postauth: called
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: Entering interactive session for SSH2.
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: server_init_dispatch
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: input_session_request
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: channel 0: new [server-session]
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: session_new: session 0
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: session_open: channel 0
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: session_open: session 0: link with channel 0
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: server_input_channel_open: confirm session
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: Received SSH2_MSG_UNIMPLEMENTED for 6
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: session_by_channel: session 0 channel 0
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: session_input_channel_req: session 0 req subsystem
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: subsystem: exec() /usr/lib/openssh/sftp-server
May 31 23:23:09 IdeaCentre sshd[41538]: Starting session: subsystem 'sftp' for milosz from 172.16.151.114 port 50006 id 0

Success.
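
To decide when the stopgap can be removed, the logs shown above can be reduced to a list of the clients that still need a legacy host key algorithm. The script below is an added example, not part of the original page; it correlates log lines by sshd PID, and the function names and the sample log (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list clients that still depend on
# legacy host key algorithms, from sshd logs at the debug1 level shown above.

legacy_hostkey_clients() {
    awk '
    # sshd PID from the "sshd[NNN]:" tag; it ties the lines of one connection together
    function pid_of(line) {
        if (match(line, /sshd\[[0-9]+\]/) == 0) return ""
        return substr(line, RSTART + 5, RLENGTH - 6)
    }
    # value of the field that follows the word "key" on the current line
    function after(key,    i) {
        for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
        return ""
    }
    # remember the client address for each connection
    / Connection from / { ip[pid_of($0)] = after("from"); next }
    # connections that succeeded only because a legacy algorithm was enabled
    /kex: host key algorithm: / {
        alg = after("algorithm:"); p = pid_of($0)
        if ((alg == "ssh-rsa" || alg == "ssh-dss") && (p in ip))
            print "negotiated", ip[p], alg
        next
    }
    # connections refused because the client offered nothing the server accepts
    /no matching host key type found/ { print "rejected", after("with"), after("offer:") }
    ' | sort -u
}

# Constructed sample (documentation addresses), same format as the logs above.
sample_log() {
    cat <<'EOF'
May 31 22:22:44 host sshd[101]: Connection from 192.0.2.10 port 49966 on 192.0.2.1 port 22 rdomain ""
May 31 22:22:44 host sshd[101]: debug1: kex: host key algorithm: (no match) [preauth]
May 31 22:22:44 host sshd[101]: Unable to negotiate with 192.0.2.10 port 49966: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
May 31 23:23:01 host sshd[102]: Connection from 192.0.2.11 port 50006 on 192.0.2.1 port 22 rdomain ""
May 31 23:23:01 host sshd[102]: debug1: kex: host key algorithm: ssh-rsa [preauth]
May 31 23:24:10 host sshd[103]: Connection from 192.0.2.12 port 50100 on 192.0.2.1 port 22 rdomain ""
May 31 23:24:10 host sshd[103]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
EOF
}

sample_log | legacy_hostkey_clients
```

On a live server, feed the function the sshd log instead of the sample; the "negotiated" entries appear only while sshd logs at the debug level used in the logs above.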

Additional notes

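Use the PubkeyAcceptedKeyTypes option to allow legacy public key types for user authentication. Since OpenSSH 8.5 the option is named PubkeyAcceptedAlgorithms, as in the release notes quoted above, and the old name remains available as an alias.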