
[JENKINS-62311] Add support for RFC 8332 #47

Merged: 1 commit from rfc8332 into jenkinsci:master on Jul 14, 2020

Conversation

@jvz (Member) commented Jun 4, 2020

This adds support for the two new key algorithms specified in RFC 8332: RSA with SHA-256 and SHA-512. These still use the same key format as the SHA-1 variant (ssh-rsa), though the signature names are updated to rsa-sha2-256 and rsa-sha2-512.

Tested with OpenSSH 8.1p1 on macOS and with the Docker images. Locally, I configured sshd to only allow HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256, which forced the client to use one of the two added algorithms. This worked after I updated my known_hosts file accordingly, which had previously been defaulting to ECDSA (tested with the SSH Build Agents plugin on a Jenkins master).

Compare to #43 which initially tried to implement this incorrectly.

Signed-off-by: Matt Sicker <boards@gmail.com>

@jeffret-b @Wadeck @daniel-beck

@jvz (Member, Author) commented Jun 5, 2020

I've additionally tested this in the following setups (all successfully):

Jenkins master: on macOS 10.15.4
Jenkins agent: on same computer using OpenSSH 8.1p1; on a separate computer entirely on Google Cloud

I tested this both with and without the old SHA-1 RSA key types enabled. I tested with an RSA authentication key and an Ed25519 authentication key. If this library supported it, it could've even verified that the SSHFP DNS record matches the host fingerprints, but that's sort of bleeding edge (I had to install OpenSSH 8.3p1 from Homebrew to get it to work locally).

My tests checked out a repo from github and ran a maven build. Pretty standard stuff. I'm confident this patch works.

@Wadeck left a comment

Not an expert in the domain, but the code seems good (as did the first, buggy version).

I imagine having some integration tests is too expensive so fine with the current status as it was manually tested.

@kuisathaverat (Contributor)

I have to test it, but the code looks fine.

@jvz (Member, Author) commented Jun 9, 2020

I should note that my remote agent was running Java 11, but I don't think that changes anything here.

@jvz (Member, Author) commented Jun 23, 2020

@kuisathaverat can I get a re-review?

@kuisathaverat (Contributor) commented Jun 24, 2020

I have created two keys with the following commands and tested connecting with them in the current version of the plugin. They work, so this change is not needed to make them work.

	ssh-keygen -t rsa-sha2-256 -b 4096 -f ssh-agent/ssh/rsa-256-key -N ""
	ssh-keygen -t rsa-sha2-512 -b 4096 -f ssh-agent/ssh/rsa-512-key -N ""

Can you provide a command to generate a key that is not supported?

I am testing in this environment: https://github.com/kuisathaverat/jenkins-issues/tree/master/JENKINS-62311

@jvz (Member, Author) commented Jun 24, 2020

The key format didn't change here; only the signature format. The keys still use RSA, but the signatures are updated to use RSA with SHA-2 instead of SHA-1. To test this out, you need to disable the ssh-rsa option in PubkeyAcceptedKeyTypes in the agent's /etc/ssh/sshd_config (complementary to the HostbasedAcceptedKeyTypes option). You can also remove it from the HostKeyAlgorithms section, though that's relevant to the SSH client more so than the server (and would need a future update on our side in Trilead to disable the old variant).

OpenSSH hasn't disabled this by default quite yet, but they've been shouting about this in every release since OpenSSH 8.2 back in February 2020, and I'd expect them to disable it by default starting in 9.0.

@jvz (Member, Author) commented Jun 24, 2020

I'll note that I was also confused by that initially, and that's why my previous patch didn't work properly. I even noticed a message on OpenSSH's dev list that someone else had the same confusion when implementing support for this as well.

The RFC for this was fairly short, and it references the SSH RFCs that already exist, so it sort of assumes you know what's going on already. In this case, they made the minimal change possible to the standards to support SHA-2-based signatures for already specified signature algorithms from the original standard.
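The distinction the two comments above draw (the ssh-rsa public key blob is unchanged; only the signature blob's algorithm name and the hash behind it change) is shown below in working code. This is an added example in Go, not code from this PR, from Trilead, or from OpenSSH: it encodes the RFC 4253 public key blob, signs the same data under each of the three names RFC 8332 section 3 recognises, and verifies by selecting the hash from the signature's name rather than from the key type. The function names, the constructed message and the throwaway 2048-bit key are the example's own. RFC 8332 also carries these names in the userauth request and in the host key algorithm negotiation, which this example does not model.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1" // blank imports register the hashes behind crypto.Hash.New
	_ "crypto/sha256"
	_ "crypto/sha512"
	"encoding/binary"
	"fmt"
	"math/big"
)

// hashFor maps each signature algorithm name to the hash RFC 8332 section 3 assigns it.
var hashFor = map[string]crypto.Hash{
	"ssh-rsa": crypto.SHA1, "rsa-sha2-256": crypto.SHA256, "rsa-sha2-512": crypto.SHA512,
}

// sshString appends an RFC 4251 "string": uint32 big-endian length, then the bytes.
func sshString(buf *bytes.Buffer, b []byte) {
	buf.Write(binary.BigEndian.AppendUint32(nil, uint32(len(b))))
	buf.Write(b)
}

// sshMpint appends an RFC 4251 "mpint" for a non-negative value (leading zero if top bit set).
func sshMpint(buf *bytes.Buffer, v *big.Int) {
	b := v.Bytes()
	if len(b) > 0 && b[0]&0x80 != 0 { b = append([]byte{0}, b...) }
	sshString(buf, b)
}

// readString consumes one RFC 4251 string and returns it plus the remaining bytes.
func readString(data []byte) (val, rest []byte, err error) {
	if len(data) < 4 || uint64(len(data)-4) < uint64(binary.BigEndian.Uint32(data)) {
		return nil, nil, fmt.Errorf("short or truncated string")
	}
	n := binary.BigEndian.Uint32(data)
	return data[4 : 4+n], data[4+n:], nil
}

func digest(h crypto.Hash, msg []byte) []byte {
	d := h.New()
	d.Write(msg)
	return d.Sum(nil)
}

// EncodePublicKey builds the RFC 4253 "ssh-rsa" public key blob. RFC 8332 reuses
// this blob unchanged for rsa-sha2-256 and rsa-sha2-512: there is no new key type.
func EncodePublicKey(pub *rsa.PublicKey) []byte {
	var buf bytes.Buffer
	sshString(&buf, []byte("ssh-rsa"))
	sshMpint(&buf, big.NewInt(int64(pub.E)))
	sshMpint(&buf, pub.N)
	return buf.Bytes()
}

// Sign produces the RFC 4253 signature blob (string alg, string sig) with RSASSA-PKCS1-v1_5
// under the hash the name selects. The name is the only wire-level difference from ssh-rsa.
func Sign(priv *rsa.PrivateKey, alg string, msg []byte) ([]byte, error) {
	h, ok := hashFor[alg]
	if !ok { return nil, fmt.Errorf("unsupported signature algorithm %q", alg) }
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, h, digest(h, msg))
	if err != nil { return nil, err }
	var buf bytes.Buffer
	sshString(&buf, []byte(alg))
	sshString(&buf, sig)
	return buf.Bytes(), nil
}

// Verify checks a signature blob against an "ssh-rsa" public key blob. The hash comes
// from the signature's algorithm name, never from the key type.
func Verify(pubBlob, sigBlob, msg []byte) error {
	kt, rest, err := readString(pubBlob)
	if err != nil { return err }
	if string(kt) != "ssh-rsa" { return fmt.Errorf("key type %q is not ssh-rsa", kt) }
	eb, rest, err := readString(rest)
	if err != nil { return err }
	nb, _, err := readString(rest)
	if err != nil { return err }
	pub := &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}
	alg, rest, err := readString(sigBlob)
	if err != nil { return err }
	sig, _, err := readString(rest)
	if err != nil { return err }
	h, ok := hashFor[string(alg)]
	if !ok { return fmt.Errorf("unsupported signature algorithm %q", alg) }
	return rsa.VerifyPKCS1v15(pub, h, digest(h, msg), sig)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // throwaway key for the demo
	pubBlob := EncodePublicKey(&priv.PublicKey)   // one blob serves all three algorithms
	msg := []byte("constructed sample data, not a real SSH exchange")
	for _, alg := range []string{"ssh-rsa", "rsa-sha2-256", "rsa-sha2-512"} {
		sigBlob, _ := Sign(priv, alg, msg)
		fmt.Printf("%-12s verify error: %v\n", alg, Verify(pubBlob, sigBlob, msg))
	}
}
```

The map keys are exactly the names `ssh -Q sig` lists for RSA; `ssh -Q key` never shows the SHA-2 names because, as the thread concludes, they are not key types. A verifier that picked the hash from the key blob would accept only ssh-rsa, which is the behaviour the first attempt in #43 ran into.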

@kuisathaverat (Contributor)

I have updated the environment to make the test (https://github.com/kuisathaverat/jenkins-issues/tree/master/JENKINS-62311), but I did not find a way to generate public keys signed with rsa-sha2-256; they are always signed as ssh-rsa. I have OpenSSH_8.1p1, LibreSSL 2.7.3, which is supposed to support it. I will try it on the latest Ubuntu or Debian.

@jvz (Member, Author) commented Jun 26, 2020

If you read the RFC and in particular section 3, you'll see which limited areas are modified to indicate that it's SHA-2 instead of SHA-1. Try adding this option to your sshd_config file:

PubkeyAcceptedKeyTypes -ssh-rsa

There's a related option you may also need to set:

HostKeyAlgorithms -ssh-rsa

Alternatively, you can disable everything else and only explicitly enable the two signature types in question:

PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256

Same for HostKeyAlgorithms.
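To make concrete what the three configurations above select, here is an added Go model (not OpenSSH code and not part of this PR) of how sshd combines a list specification with its default set: `-ssh-rsa` subtracts one name and leaves rsa-sha2-256 and rsa-sha2-512 in place, while the explicit two-name list replaces the default outright. The default list is constructed from the `ssh -Q sig` output quoted later in the thread and is not OpenSSH's real compiled-in default; name validation and certificate handling are left out.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// DefaultSigAlgs is constructed from the `ssh -Q sig` output quoted in this thread.
// It stands in for OpenSSH's compiled-in default, which is not identical (the real
// default also carries certificate types and has its own ordering).
var DefaultSigAlgs = []string{
	"ssh-ed25519", "sk-ssh-ed25519@openssh.com", "ssh-rsa", "rsa-sha2-256",
	"rsa-sha2-512", "ssh-dss", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
	"ecdsa-sha2-nistp521", "sk-ecdsa-sha2-nistp256@openssh.com",
}

// matchAny reports whether name matches any pattern ('*' and '?' wildcards).
func matchAny(patterns []string, name string) bool {
	for _, p := range patterns {
		if ok, err := path.Match(p, name); err == nil && ok {
			return true
		}
	}
	return false
}

// EffectiveAlgs models how sshd applies a list specification to its default:
// "-a,b" removes matching entries, "+a,b" appends, "^a,b" moves to the front,
// and a bare list replaces the default entirely. Unknown names are not rejected here.
func EffectiveAlgs(defaults []string, spec string) []string {
	spec = strings.TrimSpace(spec)
	if spec == "" {
		return append([]string(nil), defaults...)
	}
	op := byte(0)
	if strings.ContainsRune("+-^", rune(spec[0])) {
		op, spec = spec[0], spec[1:]
	}
	items := strings.Split(spec, ",")
	var out []string
	switch op {
	case '-':
		for _, d := range defaults {
			if !matchAny(items, d) {
				out = append(out, d)
			}
		}
	case '+':
		out = append(append(out, defaults...), items...)
	case '^':
		out = append(out, items...)
		for _, d := range defaults {
			if !matchAny(items, d) {
				out = append(out, d)
			}
		}
	default:
		out = items
	}
	return out
}

// Contains reports whether an algorithm name is in the effective list.
func Contains(list []string, name string) bool {
	for _, a := range list {
		if a == name {
			return true
		}
	}
	return false
}

func main() {
	for _, spec := range []string{"-ssh-rsa", "rsa-sha2-512,rsa-sha2-256", "-ssh-*"} {
		eff := EffectiveAlgs(DefaultSigAlgs, spec)
		fmt.Printf("PubkeyAcceptedKeyTypes %-26s ssh-rsa:%-5v rsa-sha2-256:%-5v %v\n",
			spec, Contains(eff, "ssh-rsa"), Contains(eff, "rsa-sha2-256"), eff)
	}
}
```

The wildcard case is worth a look: `-ssh-*` removes ssh-ed25519 and ssh-dss as well as ssh-rsa, so subtracting a single exact name is the safer way to retire SHA-1 RSA signatures without disturbing the other key types.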

@kuisathaverat (Contributor)

I have configured it the other way around; the -ssh-rsa does not work in my Docker images: https://github.com/kuisathaverat/jenkins-issues/blob/master/JENKINS-62311/ssh-agent/Dockerfile#L14-L16

Since RSA keys are not dependent on the choice of hash function, the
new public key algorithms reuse the "ssh-rsa" public key format as
defined in [RFC4253]:
string "ssh-rsa"
mpint e
mpint n

This was my problem: I thought the public key format had changed, but it has not.

@jvz (Member, Author) commented Jun 26, 2020

Like I said, I had the same confusion in my previous PR which is why it didn't work with other SSH implementations. :)

@daniel-beck daniel-beck self-requested a review June 30, 2020 14:37
@kuisathaverat (Contributor)

Finally, I've realized why it does not work in my environment: Debian 10 uses openssh-server/stable,now 1:7.9p1-10+deb10u2, and it seems it does not have support for rsa-sha2-256/512, so jenkins/ssh-agent does not support it yet. I have to upgrade to OpenSSH 8.1.

ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com

I have upgraded to bullseye and upgraded the packages, but the OpenSSH 8.3 compiled for Debian bullseye does not have support for those ciphers. Which distribution did you use?

OpenSSH_8.3p1 Debian-1, OpenSSL 1.1.1g  21 Apr 2020
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
            [-E log_file] [-f config_file] [-g login_grace_time]
            [-h host_key_file] [-o option] [-p port] [-u len]
ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
sk-ssh-ed25519@openssh.com
sk-ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
sk-ecdsa-sha2-nistp256@openssh.com
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com

@jvz (Member, Author) commented Jul 14, 2020

It's not a key type because the key type is still ssh-rsa. Try ssh -Q sig:

ssh -V
OpenSSH_8.3p1, OpenSSL 1.1.1g  21 Apr 2020

ssh -Q sig
ssh-ed25519
sk-ssh-ed25519@openssh.com
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
sk-ecdsa-sha2-nistp256@openssh.com

ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
sk-ssh-ed25519@openssh.com
sk-ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
sk-ecdsa-sha2-nistp256@openssh.com
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com

@kuisathaverat (Contributor)

I saw it; rsa-sha2-256 connects now. I am checking rsa-sha2-512.

@kuisathaverat (Contributor)

Done, LGTM.
[Screenshot 2020-07-14 at 22:22:36]

@kuisathaverat kuisathaverat merged commit 480bf7a into jenkinsci:master Jul 14, 2020
@kuisathaverat (Contributor)

I will release it tomorrow.

@jvz (Member, Author) commented Jul 14, 2020

Great, thanks!

@jvz jvz deleted the rfc8332 branch July 14, 2020 20:38