Bug 2686

Summary:

SSHD segfaults when trying to load RSA1 host keys

Product:

Portable OpenSSH

Reporter:

Jakub Jelen <jjelen>

Component:

sshd

Assignee:

Damien Miller <djm>

Status:

CLOSED FIXED

Severity:

enhancement

CC:

djm, dtucker

Priority:

Keywords:

patch

Version:

7.4p1

Hardware:

Other

OS:

Linux

Bug Depends on:

Bug Blocks:

2647

Attachments:

Description	Flags
possible patch	none
don't load RSA1 hostkeys	dtucker: ok+

Description Jakub Jelen 2017-03-02 03:46:53 AEDT

Created attachment 2952 [details]
possible patch

During the transition from Protocol 1 and older openssh versions there is a possibility that the old configuration files will still have some of the old configuration options including the HostKeys pointing to the old key types (RSA1). I found in my sshd_config such a line and after updating OpenSSH I was unable to connect:

  HostKey /etc/ssh/ssh_host_key

Removing the above line will make sshd work again.

GDB traceback:

Program received signal SIGSEGV, Segmentation fault.

#0  match_pattern (s=s@entry=0x0, 
    pattern=pattern@entry=0x7fffffffd520 "ecdsa-sha2-nistp256-cert-v01@openssh.com") at match.c:98
#1  0x00005555555a7af3 in match_pattern_list (string=0x0, 
    pattern=pattern@entry=0x555555831aa0 "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v0"..., dolower=dolower@entry=0) at match.c:156
#2  0x000055555556447c in list_hostkey_types () at sshd.c:794
#3  do_ssh2_kex () at sshd.c:2327
#4  0x00005555555622c1 in main (ac=<optimized out>, av=<optimized out>) at sshd.c:2181

Problem is in  list_hostkey_types()  which is not checking the return value of  sshkey_ssh_name() (for RSA1 returns NULL).

The openssh is build --with-ssh1 (to support SSH1 in clients), but that should not matter.

I am not sure about the plans what everything will be removed in next release and if if maters for future, but certainly it maters for us that it is crashing sshd at this moment.

Comment 1 Jakub Jelen 2017-03-02 03:50:33 AEDT

well ... or just don't load the RSA1 keys in first place in sshd ... it might cause more problems in other code.

Comment 2 Jakub Jelen 2017-03-02 04:34:48 AEDT

With the above patch I am failing just litle bit further (but not segfault fortunately):

Mar 01 18:05:49 rhel7 sshd[23583]: fatal: notify_hostkeys: couldn't put hostkey 0: unknown or unsupported key type

Basically reverting the SSH1 these bits makes it pass for me:

@@ -847,7 +848,7 @@ notify_hostkeys(struct ssh *ssh)
 	for (i = nkeys = 0; i < options.num_host_key_files; i++) {
 		key = get_hostkey_public_by_index(i, ssh);
 		if (key == NULL || key->type == KEY_UNSPEC ||
-		    sshkey_is_cert(key))
+		    key->type == KEY_RSA1 || sshkey_is_cert(key))
 			continue;
 		fp = sshkey_fingerprint(key, options.fingerprint_hash,
 		    SSH_FP_DEFAULT);

Comment 3 Damien Miller 2017-03-15 12:38:48 AEDT

Created attachment 2963 [details]
don't load RSA1 hostkeys

This skips RSA1 keys when they are loaded.

Comment 4 Damien Miller 2017-03-15 13:18:40 AEDT

Applied. This will be in OpenSSH 7.5, due next week.

Comment 5 Damien Miller 2021-04-23 15:00:57 AEST

closing resolved bugs as of 8.6p1 release