At work, one of our partners updated their SFTP server to support SHA-2 with the RSA host key exchange. It started failing to validate in our scheduled job using phpseclib. A quick test showed that OpenSSH still writes a known_hosts entry for the key as type ssh-rsa, which is the format I used when validating with phpseclib.
The problem is, OpenSSH stores information on the key only; this is an RSA key, no matter what signature type is used in the KEX algorithm actually performed, so OpenSSH always records it as “ssh-rsa” type. However, `phpseclib` passes the exact host key algorithm that was used to the verifier code. My naïve comparison of the previous ssh-rsa Base64 reference string to the rsa-sha2-256 Base64 string from the library began failing, in spite of having the same RSA key in the Base64 text.
For my purposes, I just updated the expected algorithm, so that it will fail if someone manages to downgrade back to SHA-1. (Of course, it’s also possible that I’m holding phpseclib wrong, and they have better verification baked in somewhere.)
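One way to separate the two checks described above, as an added example that is not code from the original post or from phpseclib: compare the pinned key blob from the known_hosts line independently of the algorithm label, and enforce the negotiated signature algorithm with an allow-list. The function names, the host name `sftp.example.com`, and the "<algorithm> <Base64 blob>" input format are assumptions for illustration, and the key blob is constructed, not a real key.

```php
<?php
declare(strict_types=1);

// SHA-2 signature algorithms accepted for an RSA host key. "ssh-rsa" (SHA-1)
// is left out on purpose, so a downgrade fails the check.
const ALLOWED_RSA_SIGS = ['rsa-sha2-256', 'rsa-sha2-512'];

// Return [key type, raw key blob] from one known_hosts line.
function parseKnownHostsLine(string $line): array
{
    $f = preg_split('/\s+/', trim($line));
    if ($f[0] !== '' && $f[0][0] === '@') {
        array_shift($f); // drop an @cert-authority / @revoked marker
    }
    $blob = count($f) >= 3 ? base64_decode($f[2], true) : false;
    if ($blob === false) {
        throw new InvalidArgumentException('malformed known_hosts line');
    }
    return [$f[1], $blob];
}

// Key type stored inside the blob itself: uint32 length, then the name.
function blobKeyType(string $blob): string
{
    return strlen($blob) < 4 ? '' : substr($blob, 4, unpack('N', $blob)[1]);
}

// $reported is "<algorithm> <Base64 blob>" (assumed format, per the post).
// True only when the key matches the pinned one AND the algorithm is allowed.
function hostKeyAcceptable(string $reported, string $knownHostsLine): bool
{
    $parts = explode(' ', trim($reported), 2);
    $seen = count($parts) === 2 ? base64_decode($parts[1], true) : false;
    if ($seen === false) {
        return false;
    }
    [$type, $pinned] = parseKnownHostsLine($knownHostsLine);
    return $type === 'ssh-rsa'
        && blobKeyType($seen) === 'ssh-rsa'
        && in_array($parts[0], ALLOWED_RSA_SIGS, true)
        && hash_equals($pinned, $seen);
}

// Constructed blob (not a real key): type name, exponent 65537, dummy modulus.
$blob = pack('N', 7) . 'ssh-rsa' . pack('N', 3) . "\x01\x00\x01"
      . pack('N', 9) . "\x00" . str_repeat("\xAB", 8);
$pinned = 'sftp.example.com ssh-rsa ' . base64_encode($blob);
var_dump(hostKeyAcceptable('rsa-sha2-256 ' . base64_encode($blob), $pinned)); // SHA-2
var_dump(hostKeyAcceptable('ssh-rsa ' . base64_encode($blob), $pinned)); // SHA-1 downgrade
```

The first call accepts the key because the blob matches and the signature algorithm is SHA-2 based; the second rejects the same key because the reported algorithm is the SHA-1 `ssh-rsa` signature.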