go: x/crypto/ssh: rsa-sha2-256/rsa-sha2-512 tracking issue
OpenSSH migrated the ssh-rsa key type, which historically used the ssh-rsa signature algorithm based on SHA-1, to the new rsa-sha2-256 and rsa-sha2-512 signature algorithms.
x/crypto/ssh was not ready for the key type / signature algorithm mismatch, so it needs a few changes. Moreover, OpenSSH implemented a few mechanisms at the same time to enable the rollout, which we need to assess and expose.
This is a tracking issue for the effort in general. Here’s a list of not-duplicate related issues:
We’ll also need some tests against OpenSSH proper, like the crypto/tls recorded tests against OpenSSL, since https://golang.org/cl/220037 turned out to be a partial fix.
About this issue
- Original URL
- State: open
- Created 3 years ago
- Reactions: 23
- Comments: 27 (15 by maintainers)
Commits related to this issue
- update all images to Alpine 3.15 The [alpine-chroot-install] upgrade is needed for [this commit] where the Alpine 3.15 signing keys are added to the known key list. Gotcha to be aware of: The go ss... — committed to bfritz/homelab-bootstrap by bfritz 3 years ago
- update all images to Alpine 3.15 The [alpine-chroot-install] upgrade is needed for [this commit] where the Alpine 3.15 signing keys are added to the known key list. Gotcha to be aware of: The go ss... — committed to bfritz/homelab-bootstrap by bfritz 3 years ago
- ssh: deprecate and replace SigAlgo constants RFC 8332, Section 2 sets up two overlapping namespaces: public key formats and public key algorithms. * The formats are what we currently have KeyAlgo co... — committed to CircleCI-Public/golang-crypto by FiloSottile 2 years ago
- ssh: don't advertise rsa-sha2 algorithms if we can't use them The server implementation looks at the HostKeys to advertise and negotiate host key signature algorithms. A fundamental issue of the Sign... — committed to CircleCI-Public/golang-crypto by FiloSottile 2 years ago
- ssh: support rsa-sha2-256/512 for client authentication CL 220037 had implemented support for host authentication using rsa-sha2-256/512, but not client public key authentication. OpenSSH disabled th... — committed to CircleCI-Public/golang-crypto by FiloSottile 2 years ago
- ssh: deprecate and replace SigAlgo constants RFC 8332, Section 2 sets up two overlapping namespaces: public key formats and public key algorithms. * The formats are what we currently have KeyAlgo co... — committed to CircleCI-Public/golang-crypto by FiloSottile 2 years ago
- ssh: don't advertise rsa-sha2 algorithms if we can't use them The server implementation looks at the HostKeys to advertise and negotiate host key signature algorithms. A fundamental issue of the Sign... — committed to CircleCI-Public/golang-crypto by FiloSottile 2 years ago
- ssh: support rsa-sha2-256/512 for client authentication CL 220037 had implemented support for host authentication using rsa-sha2-256/512, but not client public key authentication. OpenSSH disabled th... — committed to CircleCI-Public/golang-crypto by FiloSottile 2 years ago
- ssh: deprecate and replace SigAlgo constants RFC 8332, Section 2 sets up two overlapping namespaces: public key formats and public key algorithms. * The formats are what we currently have KeyAlgo co... — committed to golang/crypto by FiloSottile 2 years ago
- ssh: don't advertise rsa-sha2 algorithms if we can't use them The server implementation looks at the HostKeys to advertise and negotiate host key signature algorithms. A fundamental issue of the Sign... — committed to golang/crypto by FiloSottile 2 years ago
- ssh: support rsa-sha2-256/512 for client authentication CL 220037 had implemented support for host authentication using rsa-sha2-256/512, but not client public key authentication. OpenSSH disabled th... — committed to golang/crypto by FiloSottile 2 years ago
- ssh: support rsa-sha2-256/512 for client certificates The server-sig-algs logic was not working for certificate algorithms. Follow-up on CL 392394. Tested with OpenSSH 8.8 configured with Pubke... — committed to golang/crypto by FiloSottile 2 years ago
- ssh: support rsa-sha2-256/512 for client certificates The server-sig-algs logic was not working for certificate algorithms. Follow-up on CL 392394. Tested with OpenSSH 8.8 configured with Pubke... — committed to jorgemarey/crypto by FiloSottile 2 years ago
- ssh: deprecate and replace SigAlgo constants RFC 8332, Section 2 sets up two overlapping namespaces: public key formats and public key algorithms. * The formats are what we currently have KeyAlgo co... — committed to a1comms/xcrypto by FiloSottile 2 years ago
- ssh: don't advertise rsa-sha2 algorithms if we can't use them The server implementation looks at the HostKeys to advertise and negotiate host key signature algorithms. A fundamental issue of the Sign... — committed to a1comms/xcrypto by FiloSottile 2 years ago
- ssh: support rsa-sha2-256/512 on the server side This lets clients know we support rsa-sha2-256/512 signatures from ssh-rsa public keys. OpenSSH prefers to break the connection rather than attempting... — committed to euank/crypto by FiloSottile 2 years ago
- ssh: support rsa-sha2-256/512 on the server side This lets clients know we support rsa-sha2-256/512 signatures from ssh-rsa public keys. OpenSSH prefers to break the connection rather than attempting... — committed to golang/crypto by FiloSottile 2 years ago
- ssh: support rsa-sha2-256/512 on the server side This lets clients know we support rsa-sha2-256/512 signatures from ssh-rsa public keys. OpenSSH prefers to break the connection rather than attempting... — committed to tailscale/golang-x-crypto by FiloSottile 2 years ago
- ssh: support rsa-sha2-256/512 on the server side This lets clients know we support rsa-sha2-256/512 signatures from ssh-rsa public keys. OpenSSH prefers to break the connection rather than attempting... — committed to tailscale/golang-x-crypto by FiloSottile 2 years ago
- fix: bump golang.org/x/crypto for rsa-sha2 ssh server support See https://github.com/golang/go/issues/49952#issuecomment-1312521096 — committed to uselagoon/lagoon-ssh-portal by smlx 2 years ago
Server-side support for rsa-sha2-256/512 is now in master, and available as version v0.2.1-0.20221112162523-6fad3dfc1891.
@golang/release, can we get a v0.2.1 tag, since this fixes compatibility with a wide range of clients?
👋 I ran into this issue with my project: https://github.com/owenthereal/upterm/issues/93#issuecomment-1045387517. I’m wondering whether there is anything I could help.
I think this issue can be closed, now we should support everything related to rsa-sha-2 and since version 0.16.0 we have also fixed all known regressions.
Just for tracking purposes, this doesn’t fix the client-half regression mentioned in https://github.com/golang/go/issues/56342