Bug 3228

Summary: A client with an ssh agent can login with a revoked certificate
Product: Portable OpenSSH Reporter: sebelk
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WORKSFORME    
Severity: security CC: djm
Priority: P5    
Version: 8.0p1   
Hardware: Other   
OS: Linux   

Description sebelk 2020-11-03 22:38:31 AEDT 
A client with a ssh agent can login with a revoked certificate.

Steps:

1. On ssh server (CentOS 8) revoke a client certificate 
ssh-keygen -k -f  /etc/ssh/keys/krl.list -z1  sergio_id_rsa-cert.pub

2. Verify that client is revoked

 ssh-keygen -v -Q -f /etc/ssh/keys/krl.list /etc/ssh/keys/sergio_id_rsa-cert.pub
debug1: KRL version 1 generated at 20201103T104547
/etc/ssh/keys/sergio_id_rsa-cert.pub (sergio@dublin.ireland.home): REVOKED

2. On a ssh client check that ssh-agent is running

pgrep -a ssh-agent
4487 /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/startplasma-x11"

3. From that ssh client try to connect to ssh server with the revoked certificate:

ssh  -i .ssh/sergio_lxc-cert.pub root@10.0.3.111 
Last login: Tue Nov  3 11:11:29 2020 from 10.0.3.1
[root@centos8-neovim ~]# 

What one can expect is that ssh server reject the attempt but it does not:

log file has:

... Accepted publickey for root from 10.0.3.1 port 48524...

Only after deleting identity from the agent on ssh client side the ssh server rejects the agent:


ssh-add -d /home/sergio/.ssh/id_rsa_SA
Identity removed: /home/sergio/.ssh/id_rsa_SA 


error: Authentication key ... revoked by file /etc/ssh/keys/krl.list


So, one depends of the good will of the client side of removing the identity of agent.

(the client used in this testing is openssh-8.3p1 on Fedora 32

Note: I've found that adding the certificate as plain text on RevokedKey file prevent the login immediately, but one can depend on having the complete original certificate on hand.
Comment 1 sebelk 2020-11-04 05:09:18 AEDT 
Errata: "but one can depend on having the complete original certificate on hand." should be "but one must depend on having the complete original certificate on hand."
Comment 2 sebelk 2020-11-04 06:57:44 AEDT 
Using Debian 9 as ssh server with version 7.4p1 : I can login even using plain text on RevokedKeys files and deleting the private key on the ssh-agent of client side...
Comment 3 sebelk 2020-11-04 08:38:25 AEDT 
Mi mistake with mi earlier comment: I forget reload the service on Debian, however on CentOS I really double checked that.
Comment 4 Damien Miller 2020-11-04 11:58:54 AEDT 
Please attach a debug log from sshd showing a successful login with the revoked key.
Comment 5 sebelk 2020-11-05 01:10:43 AEDT 
(In reply to Damien Miller from comment #4)
> Please attach a debug log from sshd showing a successful login with
> the revoked key.

Thanks Damien for your fast answer. I've found that client ssh was trying more available certificates that was cached certificates and some of them were not revoked, my apologies for the noise. You may want to close the bug report.
Comment 6 Damien Miller 2020-11-05 14:54:37 AEDT 
No worries!
Comment 7 Damien Miller 2021-03-04 09:53:27 AEDT 
close bugs that were resolved in OpenSSH 8.5 release cycle