Bug 1872 (fingerprint-alg) - Support better hash algorithms for key fingerprints (FIPS compat)
Summary: Support better hash algorithms for key fingerprints (FIPS compat)
Status: CLOSED FIXED
Alias: fingerprint-alg
Product: Portable OpenSSH
Classification: Unclassified
Component: Miscellaneous (show other bugs)
Version: 5.8p1
Hardware: All All
: P2 normal
Assignee: Damien Miller
URL:
Keywords:
Depends on:
Blocks: 1402 2165 V_6_8
  Show dependency treegraph
 
Reported: 2011-03-02 03:03 AEDT by jchadima
Modified: 2015-03-18 18:17 AEDT (History)
5 users (show)

See Also:

Attachments
Proposrd solution (16.53 KB, patch)
2011-03-02 03:04 AEDT, jchadima 		no flags Details | Diff
proposed solution (16.53 KB, patch)
2011-03-02 03:06 AEDT, jchadima 		no flags Details | Diff
add FingerprintType flag to ssh and sshd which is used to specify used fingerprint for keys (21.43 KB, patch)
2014-04-18 21:35 AEST, Petr Lautrbach 		no flags Details | Diff
FingerprintHash option (37.64 KB, patch)
2014-12-17 12:24 AEDT, Damien Miller 		no flags Details | Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description jchadima 2011-03-02 03:03:25 AEDT 
Majority of the fingerprints in openssh is MD5 based. The MD5 is banned in fips. There is a prposal how to deal with it.
Comment 1 jchadima 2011-03-02 03:04:59 AEDT 
Created attachment 2006 [details]
Proposrd solution
Comment 2 jchadima 2011-03-02 03:06:10 AEDT 
Created attachment 2007 [details]
proposed solution
Comment 3 Damien Miller 2012-02-24 10:34:27 AEDT 
Retarget from 6.0 to 6.1
Comment 4 Damien Miller 2012-02-24 10:38:06 AEDT 
Retarget 6.0 => 6.1
Comment 5 Damien Miller 2012-09-07 11:38:13 AEST 
Retarget uncompleted bugs from 6.1 => 6.2
Comment 6 Damien Miller 2012-09-07 11:40:40 AEST 
Retarget bugs from 6.1 => 6.2
Comment 7 tosesif 2013-02-14 05:16:22 AEDT 
Could you please show the hash algo in the text?

The authenticity of host '...' can't be established.
RSA key MD5|SHA1|SHA256 fingerprint is 15:6b:55:73:a0:1a:80:4d:88:27:46:a7:05:4c:16:b5.
Comment 8 Damien Miller 2013-03-08 10:23:55 AEDT 
retarget to openssh-6.3
Comment 9 Damien Miller 2013-07-25 12:17:53 AEST 
Retarget to openssh-6.4
Comment 10 Damien Miller 2013-07-25 12:20:48 AEST 
Retarget 6.3 -> 6.4
Comment 11 Damien Miller 2014-02-06 10:18:03 AEDT 
Retarget incomplete bugs / feature requests to 6.6 release
Comment 12 Damien Miller 2014-02-06 10:20:06 AEDT 
Retarget incomplete bugs / feature requests to 6.6 release
Comment 13 Damien Miller 2014-04-12 14:49:28 AEST 
Retarget to 6.7 release, since 6.6 was mostly bugfixing.
Comment 14 Damien Miller 2014-04-12 14:53:41 AEST 
Remove from 6.6 tracking bug
Comment 15 Petr Lautrbach 2014-04-18 21:28:31 AEST 
The original proposal used SSH_FINGERPRINT_TYPE environmental variable for configuration finger type. I'd rather use ssh and sshd option for that.

     FingerprintType
             Specifies the cryptographic hash function to use for keys fingeprints.
             The supported hashes are: “md5”, “sha1” and “sha256”.

             The default is “md5”


$ ssh -o FingerprintType=sha256  -p 2222 localhost
The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established.
ECDSA key fingerprint is [sha256]5b:bc:6c:0a:b2:8d:84:eb:2a:6b:14:92:94:1c:85:b3:82:98:ba:b0:55:fd:2a:61:52:8c:b0:79:49:4b:e7:73.
Are you sure you want to continue connecting (yes/no)

or 

# sshd -o FingerPrintType=sha256 -o Port=2222 -f /etc/ssh/sshd_config -D -dd
...
debug1: matching key found: file /home/user/.ssh/authorized_keys, line 1 RSA [sha256]5f:ac:7f:dd:ce:19:46:c4:4d:b5:55:0b:a0:1a:46:49:93:09:31:4d:35:b7:e0:c0:85:d4:69:ec:c9:65:5c:c8
...
debug1: matching key found: file /home/user/.ssh/authorized_keys, line 1 RSA [sha256]5f:ac:7f:dd:ce:19:46:c4:4d:b5:55:0b:a0:1a:46:49:93:09:31:4d:35:b7:e0:c0:85:d4:69:ec:c9:65:5c:c8
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
Accepted publickey for user from 127.0.0.1 port 50738 ssh2: RSA [sha256]5f:ac:7f:dd:ce:19:46:c4:4d:b5:55:0b:a0:1a:46:49:93:09:31:4d:35:b7:e0:c0:85:d4:69:ec:c9:65:5c:c8

Similarly for ssh-keygen, ssh-agent and ssh-add but using command line option. In case of ssh-keygen, it'll be quite hard to find unused letter.
Comment 16 Petr Lautrbach 2014-04-18 21:35:45 AEST 
Created attachment 2429 [details]
add FingerprintType flag to ssh and sshd which is used to specify used fingerprint for keys

ssh_config.5 and sshd_config.5:

     FingerprintType
             Specifies the cryptographic hash function to use for keys fingeprints.
             The supported hashes are: “md5”, “sha1” and “sha256”.

             The default is “md5”
Comment 17 Petr Lautrbach 2014-04-18 23:03:10 AEST 
(In reply to Petr Lautrbach from comment #15)
> Similarly for ssh-keygen, ssh-agent and ssh-add but using command
> line option. In case of ssh-keygen, it'll be quite hard to find
> unused letter.

So there are only three letters unused in all 3 tools: E U Y
Comment 18 Damien Miller 2014-08-30 04:38:00 AEST 
Retarget incomplete bugs to 6.8 release.
Comment 19 Damien Miller 2014-08-30 04:39:32 AEST 
These bugs are no longer targeted at the imminent 6.7 release
Comment 20 Damien Miller 2014-12-17 12:24:57 AEDT 
Created attachment 2518 [details]
FingerprintHash option

This adds a FingerprintHash option to sshd and ssh, and a -E flag to ssh-add, ssh-agent and ssh-keygen. Fingerprints are now prefixed with the hash algorithm used and non-MD5 hashes use base64 encoding rather than hex. The default fingerprint algorithm is SHA256.

Examples:

> ssh-keygen -vlf /etc/ssh/ssh_host_rsa_key.pub  
> 2048 SHA256:rLKEbjpoN2+kuMQB7EiPqaeHut65ZfSe/z1EaWtKEmk /etc/ssh/ssh_host_rsa_key.pub (RSA)
> +---[RSA 2048]----+
> |                 |
> |.                |
> |.o        .   .  |
> |= +    . E   +   |
> |.= . .  S . o .  |
> |o ...... . . +   |
> |o++ =o..  o +    |
> |=*+=++. .  ...   |
> |OO++*. o.... ..  |
> +----[SHA256]-----+
> 
> ssh-keygen -lE md5 -f /etc/ssh/ssh_host_rsa_key.pub
> 2048 MD5:3e:f9:51:d3:29:10:e7:a2:40:6f:2c:d2:7a:4c:bc:b2 /etc/ssh/ssh_host_rsa_key.pub (RSA)

BTW, I chose "FingerprintHash" rather than "FingerprintType" because we already have different types of fingerprints: hex, bubblebabble and randomart.
Comment 21 Petr Lautrbach 2014-12-18 02:25:06 AEDT 
It could be probably useful to add -E option to ssh-keygen usage message too:

--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -2196,7 +2196,7 @@ usage(void)
            "       ssh-keygen -e [-m key_format] [-f input_keyfile]\n"
            "       ssh-keygen -y [-f input_keyfile]\n"
            "       ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
-           "       ssh-keygen -l [-f input_keyfile]\n"
+           "       ssh-keygen -l [-E fingerprint_hash] [-f input_keyfile]\n"
            "       ssh-keygen -B [-f input_keyfile]\n");
 #ifdef ENABLE_PKCS11
        fprintf(stderr,


So far it seems to work for me. Thanks!
Comment 22 Damien Miller 2014-12-22 17:32:25 AEDT 
Patch with (Petr's suggested usage() fix) applied. This will be in OpenSSH 6.8
Comment 23 Damien Miller 2015-03-18 18:17:14 AEDT 
openssh-6.8 is released