On Thu, Aug 01, 2019 at 08:32:54AM -0700, Gerald Turner wrote:
> I've been running several servers, upgraded across many Debian stable
> releases, with sshd_config that had been tightened down in various ways
> (example attached) including explicit PubkeyAcceptedKeyTypes (containing
> ssh-rsa). After upgrading to buster a user reported that he could no
> longer log in with his RSA key.
>
> sshd[17025]: userauth_pubkey: key type ssh-rsa not in
> PubkeyAcceptedKeyTypes [preauth]
>
> I tested and found that explicitly defining PubkeyAcceptedKeyTypes in
> sshd_config breaks RSA pubkey auth, even when the line merely states:
>
> PubkeyAcceptedKeyTypes ssh-rsa
This is the scenario explained in the entry in
/usr/share/doc/openssh-server/NEWS.Debian.gz for version 1:7.8p1-1, which
was reproduced from upstream's release notes for OpenSSH 7.8:

 * sshd(8): The semantics of PubkeyAcceptedKeyTypes and the similar
   HostbasedAcceptedKeyTypes options have changed. These now specify
   signature algorithms that are accepted for their respective
   authentication mechanism, where previously they specified accepted key
   types. This distinction matters when using the RSA/SHA2 signature
   algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate
   counterparts. Configurations that override these options but omit
   these algorithm names may cause unexpected authentication failures (no
   action is required for configurations that accept the default for
   these options).

I regret the inconvenience of the change, but given that it seems to have
been a deliberate change upstream (mentioned in their release notes), I
think it would be best to adapt to it.

The debug output you quote is indeed a bit misleading (I think I'll take
that up with upstream), but there's a clue hiding in the successful debug
output:

  sshd[20199]: debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU [preauth]

Note that the default for PubkeyAcceptedKeyTypes now ends with
"rsa-sha2-512,rsa-sha2-256,ssh-rsa" rather than just "ssh-rsa".
Therefore, things should work again if you set
"PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa".

Let me know if that works?

-- 
Colin Watson [cjwat...@debian.org]
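The failure mode in this thread is easy to audit for: any explicit PubkeyAcceptedKeyTypes list that names ssh-rsa but none of the rsa-sha2-* signature algorithms will, under the 7.8 semantics quoted above, reject RSA keys from clients that sign with SHA-2. The following checker is an added example written for this page, not code from the thread, Debian, or OpenSSH. It scans an sshd_config text for such lines. Beyond the single case in the report it also handles the "+" and "-" list prefixes (append to / remove from the default list, as documented in sshd_config(5) of that era; this is an assumption taken from the man page, not from the thread), and the sample configuration it runs on is constructed for illustration.

```python
"""Audit sshd_config for PubkeyAcceptedKeyTypes lists that break RSA login.

Since OpenSSH 7.8 the option names accepted *signature algorithms*, not key
types. A list containing ssh-rsa but neither rsa-sha2-256 nor rsa-sha2-512
rejects modern RSA clients, which sign with the SHA-2 variants.
"""
import re
from fnmatch import fnmatch

RSA_SHA2_ALGS = ("rsa-sha2-512", "rsa-sha2-256")
DIRECTIVE = "pubkeyacceptedkeytypes"  # sshd_config keywords are case-insensitive

# Constructed sample config (not from any real server). Line 4 is the
# configuration from the bug report; line 7 is the fix Colin suggests.
SAMPLE_CONFIG = """\
# constructed sample sshd_config
Protocol 2
PermitRootLogin no
PubkeyAcceptedKeyTypes ssh-rsa
#PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa
Match Group legacy
    PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa
"""


def parse_directives(config_text):
    """Yield (lineno, value) for each PubkeyAcceptedKeyTypes line.

    Blank lines and comments are skipped; keyword and value may be separated
    by whitespace or '=' as sshd_config allows. Match blocks are not tracked,
    so every occurrence is reported on its own.
    """
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == DIRECTIVE:
            yield lineno, parts[1].strip()


def audit_value(value):
    """Return a problem description, or None if RSA/SHA-2 is still accepted.

    '+list' appends to the default (which already ends with
    rsa-sha2-512,rsa-sha2-256,ssh-rsa), so it cannot drop the SHA-2
    algorithms. '-list' removes matching entries (wildcards allowed) from the
    default; it is a problem only if it strips rsa-sha2-* while keeping
    ssh-rsa. A bare list replaces the default and must name rsa-sha2-*
    itself whenever it names ssh-rsa. Lists without ssh-rsa at all (e.g.
    ed25519-only) are a deliberate choice and are not flagged.
    """
    if value.startswith("+"):
        return None
    if value.startswith("-"):
        patterns = [p.strip() for p in value[1:].split(",") if p.strip()]
        removed = lambda alg: any(fnmatch(alg, p) for p in patterns)
        if all(removed(a) for a in RSA_SHA2_ALGS) and not removed("ssh-rsa"):
            return "removes rsa-sha2-* but keeps ssh-rsa: RSA keys will fail"
        return None
    algs = {a.strip() for a in value.split(",") if a.strip()}
    if "ssh-rsa" in algs and not algs & set(RSA_SHA2_ALGS):
        return "lists ssh-rsa without rsa-sha2-256/rsa-sha2-512: RSA keys will fail"
    return None


def audit_config(config_text):
    """Return [(lineno, value, problem)] for every offending directive."""
    findings = []
    for lineno, value in parse_directives(config_text):
        problem = audit_value(value)
        if problem:
            findings.append((lineno, value, problem))
    return findings


if __name__ == "__main__":
    for lineno, value, problem in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: PubkeyAcceptedKeyTypes {value}: {problem}")
```

Run against a real file with `audit_config(open("/etc/ssh/sshd_config").read())`; the suggested remediation for each finding is the one from the thread, i.e. add rsa-sha2-512,rsa-sha2-256 ahead of ssh-rsa or drop the directive and accept the default.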