[conspire] (forw) Re: [artix-general] [mrbrklyn at panix.com: [Hangout - NYLXS] RSA finally being put to pasture]

Rick Moen rick at linuxmafia.com
Wed Sep 29 23:29:33 PDT 2021


Short answer: no.

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Wed, 29 Sep 2021 23:28:52 -0700
From: Rick Moen <rick at linuxmafia.com>
To: Ruben Safir <ruben at mrbrklyn.com>
Subject: Re: [artix-general] [mrbrklyn at panix.com: [Hangout - NYLXS] RSA
	finally being put to pasture]
Organization: If you lived here, you'd be $HOME already.

Quoting Ruben Safir (ruben at mrbrklyn.com):

> With the latest openssh updates, the rsa algorithm is being retired
> after decades of use

No, it's not.

In fairness, you were relying on Atlassian, and they're grossly
mistaken.


> https://confluence.atlassian.com/bitbucketserverkb/ssh-rsa-key-rejected-with-message-no-mutual-signature-algorithm-1026057701.html

Page says:

  Cause

  The RSA algorithm is being quickly deprecated across operating systems
  and SSH clients because of various security vulnerabilities, with many
  of these technologies now outright denying the use of this algorithm.

  For example - here is the announcement[1] from OpenSSH regarding their
  upcoming deprecation of the ssh-rsa algorithm.

  [1] https://www.openssh.com/txt/release-8.2

Yeah, that's the "ssh-rsa" algorithm, a _certificate signature_
algorithm for RSA keys -- and it's being deprecated because of
longstanding flaws in the SHA-1 hash algorithm, _not_ in the RSA
public-key cipher.

As the OpenSSH release notes point out, superior _signature_ 
algorithms include rsa-sha2-256 and rsa-sha2-512, which, you'll
note, are combinations of RSA keys with SHA2 digest (hash) algorithms.

Accordingly, OpenSSH is removing "ssh-rsa" (RSA/SHA1) from the accepted
CASignatureAlgorithms list -- but is not removing anything about or
concerning RSA, only concerning SHA1.

The dolts^W kind people at Atlassian don't seem to have bothered to
actually read the page they cited.

The dropping of "ssh-rsa" _signatures_ from the _certificate signature_
list on the ssh client side may be a pain in the neck.  If that happens
to you, you can add it back to $HOME/.ssh/config 's
CASignatureAlgorithms line, for the time being.  In the longer term, 
yes, SHA1 is overdue to die.

More at:
https://security.stackexchange.com/questions/255074/why-are-rsa-sha2-512-and-rsa-sha2-256-supported-but-not-reported-by-ssh-q-key



----- End forwarded message -----
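
Added example (not part of the original message, and not OpenSSH code): a small Python audit that separates RSA-with-SHA-1 signature algorithms from RSA-with-SHA-2 ones in `keyword value` lines of the form `ssh -G <host>` prints. It goes beyond CASignatureAlgorithms to two other real OpenSSH list options not mentioned above; the sample input is constructed, and the lists are assumed to be fully expanded (no `+`/`-`/`^` prefixes).

```python
# Added example: which hash does each RSA signature algorithm name imply?
# The RSA key is the same in every case; only the digest differs.
RSA_SIG_HASH = {
    "ssh-rsa": "SHA-1",
    "ssh-rsa-cert-v01@openssh.com": "SHA-1",
    "rsa-sha2-256": "SHA-256",
    "rsa-sha2-256-cert-v01@openssh.com": "SHA-256",
    "rsa-sha2-512": "SHA-512",
    "rsa-sha2-512-cert-v01@openssh.com": "SHA-512",
}

# Options holding signature-algorithm lists (lowercase, as `ssh -G` prints them).
# pubkeyacceptedkeytypes is the pre-8.5 name of pubkeyacceptedalgorithms.
OPTIONS = {"casignaturealgorithms", "hostkeyalgorithms",
           "pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes"}

# Constructed sample, not captured from a real host.
SAMPLE = """\
hostname example.invalid
casignaturealgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedalgorithms ssh-ed25519,ssh-rsa-cert-v01@openssh.com,rsa-sha2-256
"""

def audit(config_text):
    """Return {option: {"sha1": [...], "sha2": [...]}} for RSA algorithms only."""
    report = {}
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in OPTIONS:
            continue
        algs = [a.strip() for a in parts[1].split(",") if a.strip()]
        sha1 = [a for a in algs if RSA_SIG_HASH.get(a) == "SHA-1"]
        sha2 = [a for a in algs if RSA_SIG_HASH.get(a) in ("SHA-256", "SHA-512")]
        report[parts[0].lower()] = {"sha1": sha1, "sha2": sha2}
    return report

def summarize(report):
    """One line per option: is SHA-1 still accepted, and do RSA keys still work?"""
    lines = []
    for opt, r in sorted(report.items()):
        sha1 = ("accepts RSA/SHA-1: " + ",".join(r["sha1"])) if r["sha1"] else "no RSA/SHA-1"
        rsa = ("RSA keys usable via " + ",".join(r["sha2"])) if r["sha2"] else "no RSA/SHA-2 listed"
        lines.append(f"{opt}: {sha1}; {rsa}")
    return lines

if __name__ == "__main__":
    print("\n".join(summarize(audit(SAMPLE))))
```
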


