SSH Certificate signing

I’ve encountered a problem migrating from Fedora to Arch which ends up being about SSH and OpenSSH certificates. I look back and discover that I never posted anything about my movement toward OpenSSH certificates. Curious, because I wrote a lengthy document about it (because of my leaky brain – not because I am any kind of authority on it).

I will probably go back and write a post about it, and backdate it. But now a problem has arisen. Rather than explain, let the boys at OpenSSH speak for themselves, in the release notes for OpenSSH 8.2:

It is now possible to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

However, later in the document:

...this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures...

So, you can still use the broken SHA-1 for a while, if you insist, but for certificates, not so much. Certificates previously signed on an older version of OpenSSH, with the (then) default "ssh-rsa" (RSA/SHA-1) signature algorithm, will not be accepted by a “current” version of OpenSSH.

My running oregano is on Fedora 30, which has OpenSSH 8.0p1. The Arch I am building has OpenSSH 8.2p1, which has this new prohibition against certificates signed with ssh-rsa, which is ALL OF THEM, since at the time they were created (within the last six months) that was the default. It is a brand new feature to even be able to specify, when signing the certificates, what algorithm you want.

So as soon as I boot up oregano on Arch, none of the boxes that attempt to connect can succeed. They are all using certificates now. So I am going to have to reissue the certificates on all of them before I can move oregano to Arch.
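To find which certificates need reissuing, the signature algorithm the CA used can be read straight out of each *-cert.pub file. The following is an added example, not part of the original post and not OpenSSH's own code; the field order follows OpenSSH's PROTOCOL.certkeys, and the function names and the constructed sample certificate (dummy key and signature bytes) are assumptions made for illustration.

```python
import base64
import struct

# Length-prefixed public-key fields that follow the nonce, per certificate type.
KEY_FIELDS = {
    "ssh-rsa-cert-v01@openssh.com": 2,                # e, n
    "ssh-dss-cert-v01@openssh.com": 4,                # p, q, g, y
    "ssh-ed25519-cert-v01@openssh.com": 1,            # public key
    "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,    # curve, point
}

def _take(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def ca_signature_algorithm(cert_line):
    """Return (CA key type, signature algorithm) for one line of a *-cert.pub file."""
    blob = base64.b64decode(cert_line.split()[1])
    name, off = _take(blob, 0)
    for _ in range(1 + KEY_FIELDS[name.decode()]):   # nonce, then key fields
        _, off = _take(blob, off)
    off += 8 + 4                                     # serial, certificate type
    for _ in range(2):                               # key id, valid principals
        _, off = _take(blob, off)
    off += 8 + 8                                     # valid after, valid before
    for _ in range(3):                               # critical options, extensions, reserved
        _, off = _take(blob, off)
    ca_key, off = _take(blob, off)                   # CA public key blob
    sig, off = _take(blob, off)                      # signature blob
    return _take(ca_key, 0)[0].decode(), _take(sig, 0)[0].decode()

def rejected_by_default(cert_line):
    """True if the CA signed with RSA/SHA-1, which OpenSSH 8.2 rejects by default."""
    return ca_signature_algorithm(cert_line)[1] == "ssh-rsa"

def _s(b):
    return struct.pack(">I", len(b)) + b

def make_sample(sig_alg):
    """Constructed sample: correct layout, dummy key and signature bytes (not a valid cert)."""
    key = _s(b"\x01\x00\x01") + _s(b"\x00" + b"\xaa" * 8)
    body = (_s(b"ssh-rsa-cert-v01@openssh.com") + _s(b"N" * 32) + key
            + struct.pack(">QI", 1, 1) + _s(b"sample-id") + _s(_s(b"user"))
            + struct.pack(">QQ", 0, 2**64 - 1) + _s(b"") * 3
            + _s(_s(b"ssh-rsa") + key) + _s(_s(sig_alg) + _s(b"\xcc" * 8)))
    return "ssh-rsa-cert-v01@openssh.com " + base64.b64encode(body).decode() + " sample"
```

Note that an RSA CA key always reports the key type "ssh-rsa"; only the second value, the signature algorithm, decides whether the certificate is still accepted.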