OpenSSH Disabled RSA/SHA-1 Signature Algo By Default

[djmoch]

Pass currently offers outdated signature algorithms to the server when attempting to connect. This is why some users are having issues connecting when their server runs a newer version of OpenSSH (version 8.8 and newer).

I assume Pass uses a library to handle SSH, but I'll confess I can't figure out which one. That library should ideally be upgraded to a version that supports newer signature algorithms.

As for why the folks at OpenSSH think it's important to upgrade, here's a quote from their release notes:

Potentially-incompatible changes
================================

This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]

For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.

Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:

    Host old-host
        HostkeyAlgorithms +ssh-rsa
	PubkeyAcceptedAlgorithms +ssh-rsa

We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

[AlexRamallo]

I believe the relevant dependency is libssh2 (through objective-git), which currently has an open issue and PR for this very problem. See:

• ssh2.sh test failed with OpenSSH 8.8p1 libssh2/libssh2#630
• RSA SHA2 256/512 key upgrade support libssh2 #536 libssh2/libssh2#626

From a quick glance, it looks like this app is currently building with libssh2 1.9.0, which is one version behind the latest release, although updating it won't fix this issue yet.

I guess we just have to wait for the next libssh2 (and possibly objective-git) release.

[mssun]

Please let us know if it's merged and released. We will keep our dependency updated.

[hoskeri]

Hello,

FYI, The above PRs appear to have been merged!

Thank you for writing the app, and looking forward to the fix!

[reasonableperson]

Can this issue be closed? I just tested Pass for iOS 0.12.0 and successfully connected to a server running OpenSSH 8.9, without enabling HostKeyAlgorithms +ssh-rsa and PubkeyAcceptedAlgorithms +ssh-rsa.

[martinhath]

I'm still hitting this, or so I think. I've got freshly generated SHA256 keys that are uploaded to GitHub, which works from my computer (for testing purposes). The same keys are on my phone, and upon trying to pull I'm getting

[...]
Underlying Error: ERROR: You're using an RSA key with SHA-1, which is no longer allowed
[...]

This was with ssh-keygen -t rsa. Using -t ed25519 gives me another error (now it's "GTCredentialProvider failed to provide credentials"), but this is probably a different issue altogether.

I'm running Pass for iOS 0.12.0 (62).

---

As a temporary measure I swapped to the ED keys, and got around the previously mentioned error by actually setting up the config correctly, as it turns out you need to write both user@github.com as well as having user in the username field below in the form. A more helpful error message would be useful here :)

[djmoch]

Can this issue be closed? I just tested Pass for iOS 0.12.0 and successfully connected to a server running OpenSSH 8.9, without enabling HostKeyAlgorithms +ssh-rsa and PubkeyAcceptedAlgorithms +ssh-rsa.

No. This is still not working for me. To my knowledge this hasn’t been fixed. If it’s working for you, then most likely your distribution is just re-enabling the weaker algorithm.

[djmoch]

@mssun Have you had a chance to update the SSH dependency?

[imocode]

I moved from Android to IOS recently, and when trying to connect with this app I get this:

Failed to clone...

Underlying Error: ERROR: You're using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type.

Think is my key is ed25519, so I guess my issue is related to this thread.

Any comments?

[martinhath]

@imocode: In the end, I had to use RSA instead of ED, and have the username in both the Git repository URL field and in the username field. I.e. in the form git repository URL says ssh://git@github.com/martinhath/reponame, branch name says the branch name, username says git, and authentication method is SSH Key.

I'm not sure why this fixed it for me, but it does work fine now.

[wwwjfy]

It's a long dependency chain. passforios => objective-git-swift-package => objective-git => libssh2 and libssh2 has not released its support (last release was 1+ year ago.

I had to use local build, to get it work:

• Clone https://github.com/mssun/objective-git
• Update submodule in External/libssh2 to switch to master branch
• Run script/build_xcframework.sh to build xcframework in objective-git/Framework/ObjectiveGit.xcframework
• In passforios, remove objective-git-swift-package dependency and add the above ObjectiveGit.xcframework
• Build

[mernisse]

Looks like libssh2 1.11.0 has been out with fixes for this, any chance of updating and building a new release? I'd like to remove the legacy key workaround from my ssh server.