{"id":1084,"date":"2020-02-29T18:15:10","date_gmt":"2020-03-01T01:15:10","guid":{"rendered":"https:\/\/wmbuck.net\/blog\/?p=1084"},"modified":"2020-05-23T11:19:10","modified_gmt":"2020-05-23T17:19:10","slug":"ssh-certificate-signing","status":"publish","type":"post","link":"https:\/\/wmbuck.net\/blog\/?p=1084","title":{"rendered":"SSH Certificate signing"},"content":{"rendered":"\n<p>I&#8217;ve encountered a problem migrating from Fedora to Arch which ends up being about ssh and openssh certificates. I look back and discover that I never posted anything about my movement toward openssh certificates. Curious because I wrote a lengthy document about it (because of my leaky brain &#8211; not because I am any kind of authority on it).<\/p>\n\n\n\n<p>I will probably go back and write a <a href=\"https:\/\/wmbuck.net\/blog\/?p=1087\">post<\/a> about it, and back date it. But now a problem has arisen. Rather than explain, let the boys at openssh speak for themselves, in the release notes for openssh 8.2:<\/p>\n\n\n\n<!--more-->\n\n\n\n<pre class=\"wp-block-preformatted\">It is now possible to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the \"ssh-rsa\" public key signature algorithm that depends on SHA-1 by default in a near-future release.<\/pre>\n\n\n\n<p>However, later in the same document:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">...this release removes the \"ssh-rsa\" (RSA\/SHA1) algorithm from those accepted for certificate signatures...<\/pre>\n\n\n\n<p>So you can still use the SHA-1 based ssh-rsa for ordinary user and host key signatures for a while, if you insist, but for certificate signatures, not so much. A certificate signed by an older ssh-keygen with the (then) default ssh-rsa (RSA\/SHA-1) algorithm will not be accepted by a &#8220;current&#8221; (8.2 or later) openssh, whether it is sshd checking a user certificate or ssh checking a host certificate, and it makes no difference how strong the CA key itself is: the check is on the signature algorithm, not the key.<\/p>\n\n\n\n<p>My running oregano is on Fedora 30, which has openssh 8.0p1. 
The Arch I am building has openssh 8.2p1, which has this new prohibition against certificates signed with ssh-rsa, which is ALL OF THEM, since at the time they were created (within the last six months) ssh-rsa was what ssh-keygen used by default when signing with an RSA CA key. 8.2 is the release that changes that default to rsa-sha2-512, and being able to choose the signing algorithm at all (the -t option combined with -s, e.g. ssh-keygen -t rsa-sha2-512 -s ca_key ...) is itself a recent addition. One caveat when reissuing: the rsa-sha2 signature types are only understood by OpenSSH 7.2 and later, which matters if any very old clients or servers are in the mix.<\/p>\n\n\n\n<p>So as soon as I boot up oregano on Arch, none of the boxes that attempt to connect will succeed. They are all using certificates now. So I am going to have to reissue the certificates on all of them before I can move oregano to Arch.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve encountered a problem migrating from Fedora to Arch which ends up being about ssh and openssh certificates. I look back and discover that I never posted anything about my movement toward openssh certificates. Curious because I wrote a lengthy document about it (because of my leaky brain &#8211; not because I am any kind &hellip; <a href=\"https:\/\/wmbuck.net\/blog\/?p=1084\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSH Certificate signing<\/span> <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[42,11,10,46,4,41,33],"tags":[],"class_list":["post-1084","post","type-post","status-publish","format-standard","hentry","category-arch-linux","category-encryption","category-fedora","category-gateways","category-linux","category-networking","category-security"],"_links":{"self":[{"href":"https:\/\/wmbuck.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1084"}],"collection":[{"href":"https:\/\/wmbuck.net\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wmbuck.net\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wmbuck.net\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/wmbuck.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1084"}],"version-history":[{"count":4,"href":"https:\/\/wmbuck.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1084\/revisions"}],"predecessor-version":[{"id":1130,"href":"https:\/\/wmbuck.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1084\/revisions\/1130"}],"wp:attachment":[{"href":"https:\/\/wmbuck.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wmbuck.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wmbuck.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
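Before reissuing "ALL OF THEM", it helps to know which certificates actually carry an ssh-rsa (SHA-1) CA signature, and the ssh-keygen -L output of older releases does not show that. The script below is an added example, not code from the post or from OpenSSH: it walks the *-cert-v01@openssh.com wire format from OpenSSH's PROTOCOL.certkeys and reports the algorithm named in the trailing signature field, which is what an 8.2 peer compares against its CASignatureAlgorithms list. It does not verify the signature. The sample certificate it builds for the offline run is constructed here with placeholder key values, the principal "wmbuck" and the key id "oregano-login", and an all-zero signature blob; it is not a real certificate.

```python
"""Audit OpenSSH certificates for SHA-1 (ssh-rsa) CA signatures.

Added example, not code from the original post or from OpenSSH. Parses the
*-cert-v01@openssh.com format (OpenSSH's PROTOCOL.certkeys) and reports the
algorithm in the trailing signature field; it does not verify the signature.
"""
import base64
import struct

CERT_TYPES = {1: "user", 2: "host"}
# Number of public-key fields between the nonce and the serial, per cert type.
PUBKEY_FIELDS = {
    "ssh-rsa-cert-v01@openssh.com": 2,               # e, n
    "ssh-dss-cert-v01@openssh.com": 4,               # p, q, g, y
    "ssh-ed25519-cert-v01@openssh.com": 1,           # pk
    "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,   # curve, point
    "ecdsa-sha2-nistp384-cert-v01@openssh.com": 2,
    "ecdsa-sha2-nistp521-cert-v01@openssh.com": 2,
}
# SHA-1 based signature algorithms: ssh-rsa was dropped from the default
# CASignatureAlgorithms in 8.2, and ssh-dss was never in it.
SHA1_SIG_ALGS = {"ssh-rsa", "ssh-dss"}


class Reader:
    """Sequential reader for the SSH wire types used in certificates."""

    def __init__(self, buf: bytes):
        self.buf, self.pos = buf, 0

    def _take(self, n: int) -> bytes:
        chunk = self.buf[self.pos:self.pos + n]
        if len(chunk) != n:
            raise ValueError("truncated certificate blob")
        self.pos += n
        return chunk

    def u32(self) -> int:
        return struct.unpack(">I", self._take(4))[0]

    def u64(self) -> int:
        return struct.unpack(">Q", self._take(8))[0]

    def string(self) -> bytes:
        return self._take(self.u32())

    def done(self) -> bool:
        return self.pos == len(self.buf)


def parse_cert(cert_line: str) -> dict:
    """Parse one line of an OpenSSH *-cert.pub file into its header fields."""
    key_type, b64 = cert_line.split()[:2]
    r = Reader(base64.b64decode(b64))
    if key_type not in PUBKEY_FIELDS or r.string().decode() != key_type:
        raise ValueError(f"unsupported or malformed certificate type {key_type!r}")
    r.string()                                  # nonce
    for _ in range(PUBKEY_FIELDS[key_type]):    # the certified public key
        r.string()
    serial, cert_type = r.u64(), r.u32()
    key_id = r.string().decode()
    principals, pr = [], Reader(r.string())     # nested list of strings
    while not pr.done():
        principals.append(pr.string().decode())
    valid_after, valid_before = r.u64(), r.u64()
    for _ in range(3):                          # critical options, extensions, reserved
        r.string()
    ca_key_type = Reader(r.string()).string().decode()  # signature key = CA public key
    sig_alg = Reader(r.string()).string().decode()      # signature = string alg, string blob
    if not r.done():
        raise ValueError("trailing data after signature")
    return {"key_type": key_type, "serial": serial, "cert_type": CERT_TYPES.get(cert_type, "?"),
            "key_id": key_id, "principals": principals, "valid_after": valid_after,
            "valid_before": valid_before, "ca_key_type": ca_key_type,
            "signature_algorithm": sig_alg}


def needs_resigning(cert_line: str) -> bool:
    """True if an OpenSSH 8.2+ peer will reject this certificate for its CA signature."""
    return parse_cert(cert_line)["signature_algorithm"] in SHA1_SIG_ALGS


# ---- constructed sample data: placeholder key values and an all-zero signature ----
def _s(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

def _mpint(n: int) -> bytes:                    # positive mpint, leading 0x00 if high bit set
    return _s(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def build_sample_cert(sig_alg: str) -> str:
    """Build an RSA user certificate line whose signature field names `sig_alg` (not verifiable)."""
    e, n = 65537, (1 << 2047) | 0xABCDEF        # placeholder modulus, not a real key
    ca_key = _s(b"ssh-rsa") + _mpint(e) + _mpint(n)
    body = (_s(b"ssh-rsa-cert-v01@openssh.com") + _s(b"\x00" * 32)    # type, nonce
            + _mpint(e) + _mpint(n)                                   # certified key
            + struct.pack(">QI", 7, 1)                                # serial, user cert
            + _s(b"oregano-login") + _s(_s(b"wmbuck"))                 # key id, principals
            + struct.pack(">QQ", 0, 0xFFFFFFFFFFFFFFFF)               # validity window
            + _s(b"") + _s(b"") + _s(b"")                            # crit opts, exts, reserved
            + _s(ca_key) + _s(_s(sig_alg.encode()) + _s(b"\x00" * 256)))  # CA key, dummy sig
    return "ssh-rsa-cert-v01@openssh.com " + base64.b64encode(body).decode() + " sample"


if __name__ == "__main__":
    import sys
    lines = [l for path in sys.argv[1:] for l in open(path) if l.strip()]
    for line in lines or [build_sample_cert("ssh-rsa"), build_sample_cert("rsa-sha2-512")]:
        info = parse_cert(line)
        print(f"{'RESIGN' if needs_resigning(line) else 'ok':6} {info['key_id']:<16} "
              f"{info['cert_type']} cert signed with {info['signature_algorithm']}")
```

Run it as `python3 audit_certs.py /etc/ssh/*-cert.pub ~/.ssh/*-cert.pub` on each box; with no arguments it prints the two constructed samples, one flagged RESIGN and one ok. Anything flagged gets reissued with the 8.2 ssh-keygen, keeping the same key id and principals from the parsed fields, for example `ssh-keygen -s ca_key -t rsa-sha2-512 -I oregano-login -n wmbuck -V +52w id_rsa.pub`; `-t` here selects the RSA signature variant rather than a key type, and rsa-sha2-512 is the 8.2 default, so leaving it out gives the same result.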