ssh -Q key not listing all key types?



  • I am having some problems with understanding which types of host keys my SSH daemon actually provides or supports (stock debian buster, sshd 7.9.p1). From the manual (man sshd_config😞

     HostKeyAlgorithms
             Specifies the host key algorithms that the server offers.  The default for this option is:
    
                ecdsa-sha2-nistp256-cert-v01@openssh.com,
                ecdsa-sha2-nistp384-cert-v01@openssh.com,
                ecdsa-sha2-nistp521-cert-v01@openssh.com,
                ssh-ed25519-cert-v01@openssh.com,
                rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
                ssh-rsa-cert-v01@openssh.com,
                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
                ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
    
             The list of available key types may also be obtained using "ssh -Q key".
    

    Please note the last line. When following the advice given there:

    root@odysseus /var/log # ssh -Q key
    ssh-ed25519
    ssh-ed25519-cert-v01@openssh.com
    ssh-rsa
    ssh-dss
    ecdsa-sha2-nistp256
    ecdsa-sha2-nistp384
    ecdsa-sha2-nistp521
    ssh-rsa-cert-v01@openssh.com
    ssh-dss-cert-v01@openssh.com
    ecdsa-sha2-nistp256-cert-v01@openssh.com
    ecdsa-sha2-nistp384-cert-v01@openssh.com
    ecdsa-sha2-nistp521-cert-v01@openssh.com
    

    I've got two questions:

    1. As an example, the man page states that rsa-sha2-256 is part of the default for HostKeyAlgorithms. But this string does not appear in the output of ssh -Q key.

      How does this fit together? How can something be a default which even doesn't exist?

      The above example implies that ssh-rsa might be insecure, because it doesn't have sha2 in its name, and thus might be sha1 or even md5 based.

    2. What does the string -cert-v01@openssh.com in some of the algorithm type names mean? Are these the types for certificate-based authentication?



  • What you're asking for here with ssh -Q key is a listing of all the key types. With the rsa-sha2-256 signature algorithm, as well as the obsolete ssh-rsa (RSA with SHA-1) algorithm, the key type is still ssh-rsa, since both types of signatures use the exact same key. If you want to know what signature types are available, run ssh -Q sig (example from my Debian sid system):

    $ ssh -Q sig
    ssh-ed25519
    sk-ssh-ed25519@openssh.com
    ssh-rsa
    rsa-sha2-256
    rsa-sha2-512
    ssh-dss
    ecdsa-sha2-nistp256
    ecdsa-sha2-nistp384
    ecdsa-sha2-nistp521
    sk-ecdsa-sha2-nistp256@openssh.com
    webauthn-sk-ecdsa-sha2-nistp256@openssh.com
    

    On newer versions of OpenSSH, you also have ssh -Q HostKeyAlgorithms, which prints the values that are valid in that option:

    $ ssh -Q HostKeyAlgorithms
    ssh-ed25519
    ssh-ed25519-cert-v01@openssh.com
    sk-ssh-ed25519@openssh.com
    sk-ssh-ed25519-cert-v01@openssh.com
    ssh-rsa
    rsa-sha2-256
    rsa-sha2-512
    ssh-dss
    ecdsa-sha2-nistp256
    ecdsa-sha2-nistp384
    ecdsa-sha2-nistp521
    sk-ecdsa-sha2-nistp256@openssh.com
    webauthn-sk-ecdsa-sha2-nistp256@openssh.com
    ssh-rsa-cert-v01@openssh.com
    rsa-sha2-256-cert-v01@openssh.com
    rsa-sha2-512-cert-v01@openssh.com
    ssh-dss-cert-v01@openssh.com
    ecdsa-sha2-nistp256-cert-v01@openssh.com
    ecdsa-sha2-nistp384-cert-v01@openssh.com
    ecdsa-sha2-nistp521-cert-v01@openssh.com
    sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
    

    Note that whether your fingerprint is SHA-2 or not has nothing to do with the signature algorithm. If you generate an RSA key, it can be used for both SHA-1 and SHA-2 signature unless you specify otherwise. You would typically want to remove ssh-rsa from the HostKeyAlgorithms option unless you have a compelling reason to use it, or you can just solve the problem entirely by using an Ed25519 key, which always uses a secure algorithm.

    The -cert-v01@openssh.com type indicates an OpenSSH certificate. This is useful if you have a controlled environment, like a company, and you want to create a certificate authority to sign OpenSSH keys and restrict access to only those keys.



Suggested Topics

  • 2
  • 2
  • 2
  • 3
  • 2
  • 2
  • 2
  • 2