Bug 2994

Summary: SSH certificate signing does not work with SHA256 hashing algorithm
Product: Portable OpenSSH Reporter: denisenkom
Component: ssh-keygenAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WORKSFORME    
Severity: enhancement CC: djm
Priority: P5    
Version: 7.9p1   
Hardware: amd64   
OS: Mac OS X   

Description denisenkom 2019-04-16 06:00:43 AEST 
Repro instructions:
ssh-keygen -f server_ca
ssh-keygen -f userkey
ssh-keygen -s server_ca -I ident -t rsa-sha2-256 -n user userkey.pub && ssh-keygen -L -f userkey-cert.pub
Signed user key userkey-cert.pub: id "ident" serial 0 for user valid forever
userkey-cert.pub:
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Public key: RSA-CERT SHA256:vGA3iSIWLZNdTjBoKzzAGH8daBV9Kvf9yZ3AhTyZ6IM
        Signing CA: RSA SHA256:TgQchZRAwiD8VRLdOmIDqoIyc6btwxIbPFMYI/JAUag
        Key ID: "ident"
        Serial: 0
        Valid: forever
        Principals: 
                user
        Critical Options: (none)
        Extensions: 
                permit-X11-forwarding
                permit-agent-forwarding
                permit-port-forwarding
                permit-pty
                permit-user-rc

As you can see certificate type is ssh-rsa-cert-v0, it should be rsa-sha2-256-cert-v01 instead.

The problem seems to be with sshkey_ssh_name function, which takes first matching key type (which is SHA1), if that is the right place than this function should be changed to also take into account hash algorithm.
Comment 1 Damien Miller 2019-05-10 14:38:19 AEST 
The key type remains ssh-rsa-cert-v01@openssh.com regardless of signature.

OpenSSH 8.0 includes the signature type in ssh-keygen -L output and this allows your to check the that it is what you expect. E.g. (note the "Signing CA" line)

[djm@hako ssh]$ ssh-keygen -Lf /tmp/k_rsa-cert.pub 
/tmp/k_rsa-cert.pub:
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Public key: RSA-CERT SHA256:/4T+gq8FyJEPTdXS1VaghSypcBubXiFW5AW4V0/a6VM
        Signing CA: RSA SHA256:sy2Nq/dLCwg2dESiOgCT0NmASiVIUCapmlkANCjTr2s (using rsa-sha2-256)
        Key ID: "id"
        Serial: 0
        Valid: forever
        Principals: (none)
        Critical Options: (none)
        Extensions: 
                permit-X11-forwarding
                permit-agent-forwarding
                permit-port-forwarding
                permit-pty
                permit-user-rc
Comment 2 Damien Miller 2021-04-23 15:03:35 AEST 
closing resolved bugs as of 8.6p1 release