SSH Key Compatibility Issue on Ubuntu 22.04: ISO Recommendations


Dipu Haridas

Jun 20, 2023, 1:53:46 PM
to Repo and Gerrit Discussion
Hello Team,

We currently run Gerrit 3.4.5, and most of our users access Gerrit from Ubuntu 20.04 using SSH RSA keys. However, we've encountered an issue with connecting from Ubuntu 22.04 hosts using the same RSA keys. It seems that Ubuntu 22.04 no longer supports RSA+SHA1.

To address this problem, we have the option to allow RSA+SHA1 by using the "PubkeyAcceptedKeyTypes +ssh-rsa" option on the client side. However, I'm concerned about potential security risks associated with this approach. I would like to find the best way forward while maintaining a secure environment.

Considering this, would it be advisable to recommend that our users switch to stronger key types such as RSA+SSH2, ed25519, or ECDSA? Your inputs on this matter would be appreciated. Thank you in advance.

Thanks,
Dipu H
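The client-side workaround mentioned above, with the per-host ed25519 alternative beside it, as an added example that is not code from this thread or from Gerrit: a small Python auditor that parses ssh_config text and reports every Host block in which "+ssh-rsa" re-enables SHA-1 RSA signatures through PubkeyAcceptedKeyTypes (or its newer spelling PubkeyAcceptedAlgorithms) or HostKeyAlgorithms. The host name, user and key path in the sample configs are constructed; port 29418 is Gerrit's default SSH port.

```python
import re

# Client options through which "+ssh-rsa" re-enables SHA-1 RSA signatures.
# PubkeyAcceptedAlgorithms is the newer spelling of PubkeyAcceptedKeyTypes.
SHA1_REENABLE_OPTIONS = ("pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms", "hostkeyalgorithms")

# Matches "ssh-rsa" as a whole list element, whether prefixed with +, ^ or a comma.
_SSH_RSA_ELEMENT = re.compile(r"(?:^|[+^,])ssh-rsa(?=,|$)")

# "Option value" or "Option=value"; comments are stripped before matching.
_LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")


def parse_ssh_config(text):
    """Split ssh_config text into (host_pattern, {option: value}) blocks.

    Options before the first Host line apply to every host ("*"). Within a
    block the first occurrence of an option wins, mirroring OpenSSH. Match
    blocks are not modelled; only plain Host stanzas are handled.
    """
    blocks = []
    host, options = "*", {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            if options or host != "*":
                blocks.append((host, options))
            host, options = value, {}
        else:
            options.setdefault(key, value)
    if options or host != "*":
        blocks.append((host, options))
    return blocks


def find_sha1_reenabled(text):
    """Return (host_pattern, option, value) for each block that re-enables ssh-rsa signatures."""
    findings = []
    for host, options in parse_ssh_config(text):
        for option in SHA1_REENABLE_OPTIONS:
            value = options.get(option, "")
            if _SSH_RSA_ELEMENT.search(value):
                findings.append((host, option, value))
    return findings


# Constructed: the workaround from the question, applied to every host.
WEAK_CONFIG = """
Host *
    PubkeyAcceptedKeyTypes +ssh-rsa
"""

# Constructed: a per-host ed25519 identity instead; gerrit.example.com is a placeholder.
HARDENED_CONFIG = """
Host gerrit.example.com
    User dipu
    Port 29418
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, find_sha1_reenabled(cfg) or "no SHA-1 RSA override")
```

Running it flags the weak config with ('*', 'pubkeyacceptedkeytypes', '+ssh-rsa') and reports nothing for the hardened one. A list such as "rsa-sha2-512,ssh-ed25519" is not flagged, because those are SHA-2 signature names and not the SHA-1 "ssh-rsa" element.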

Sven Selberg

Jun 20, 2023, 3:46:51 PM
to Repo and Gerrit Discussion
@DAY_JOB we recommend id_ed25519 which has a (so far) stable and secure algorithm (and a very short public key ;-) ).

Amal Babu S

Jun 21, 2023, 5:04:41 AM
to Repo and Gerrit Discussion
Hi Dipu & Sven,

Sorry for the cross post.

On a related note, I am facing an ssh authentication issue with an ed25519_sk security key. I have added all the details in the thread below. Would you please check if possible.

Regards,
Amal

Clark Boylan

Jun 23, 2023, 12:11:41 PM
to Dipu Haridas, Repo and Gerrit Discussion
On Tue, Jun 20, 2023 at 10:53 AM Dipu Haridas <haridas...@gmail.com> wrote:
>
> Hello Team,
>
> We currently run Gerrit 3.4.5, and most of our users access Gerrit from Ubuntu 20.04 using SSH RSA keys. However, we've encountered an issue with connecting from Ubuntu 22.04 hosts using the same RSA keys. It seems that Ubuntu 22.04 no longer supports RSA+SHA1.

Newer OpenSSH versions (8.8 and newer) have, by default, disabled
RSA+SHA1 in favor of RSA+SHA2 [0]. This problem affects any system
(including others like Debian, OpenSUSE, Fedora, etc) with an up-to-date
OpenSSH installation.

>
> To address this problem, we have the option to allow RSA+SHA1 by using the "PubkeyAcceptedKeyTypes +ssh-rsa" option on the client side. However, I'm concerned about potential security risks associated with this approach. I would like to find the best way forward while maintaining a secure environment.
>
> Considering this, would it be advisable to recommend that our users switch to stronger key types such as RSA+SSH2, ed25519, or ECDSA? Your inputs on this matter would be appreciated. Thank you in advance.

To be clear there is no RSA+SHA2 or RSA+SHA1 key type. The key type
remains RSA in both cases. Then at runtime the client and server
negotiate exchange of key material using specific hashes. It is the
runtime option to use SHA1 that is deprecated and disabled by default.
To enable the use of SHA2 with RSA both the client and server need to
support SSH key exchange extensions to negotiate this newer hash
function. In this case the Gerrit SSH server did not do this until
Gerrit 3.6 (we did eventually backport to Gerrit 3.5 as well).

This means your options are roughly to 1) enable SHA1 on the client
side (probably not a great idea given OpenSSH is deprecating it), 2)
Use a different key type like ed25519 or ecdsa (has broad
compatibility and doesn't require changing any software), or 3)
Upgrade Gerrit to 3.5 or newer.

In my case I personally switched to ed25519 keys while we worked on
patching MINA and Gerrit and upgrading our local installation. Our
Gerrit install is up to date and doesn't have this problem but I
didn't bother switching back to RSA keys as my new keys are working
fine.

>
> Thanks,
> Dipu H
>

[0] https://www.openssh.com/txt/release-8.8 Under
"Potentially-incompatible changes"
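The distinction drawn above, that the key type stays "ssh-rsa" while the signature hash is negotiated per connection, as an added example that is not code from this thread, from Gerrit or from OpenSSH: a Python parser that decodes the base64 blob of an authorized_keys line into its RFC 4251 wire fields and reports the key type and size, then states which signature algorithms an OpenSSH 8.8+ client still offers for it. The SIGNATURE_POLICY table summarises the release note cited as [0]; the assess() helper, its server_negotiates_sha2 flag and the two test vectors (not real keys) are constructed for this example.

```python
import base64
import struct

# Per key type: the signature algorithms an OpenSSH 8.8+ client still offers,
# and the one it disables by default. "ssh-rsa" names both the key type and
# the SHA-1 signature scheme; rsa-sha2-256/512 are signature names only.
SIGNATURE_POLICY = {
    "ssh-rsa": {"accepted": ("rsa-sha2-256", "rsa-sha2-512"), "disabled_by_default": ("ssh-rsa",)},
    "ssh-ed25519": {"accepted": ("ssh-ed25519",), "disabled_by_default": ()},
    "ecdsa-sha2-nistp256": {"accepted": ("ecdsa-sha2-nistp256",), "disabled_by_default": ()},
}


def _read_string(blob, off):
    """Read one RFC 4251 'string' (uint32 length prefix) from blob at off."""
    (length,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end


def _encode_string(data):
    return struct.pack(">I", len(data)) + data


def _encode_mpint(n):
    # RFC 4251 mpint: big-endian, with a leading 0x00 when the high bit is set.
    return _encode_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def parse_public_key(line):
    """Decode an authorized_keys / id_*.pub line into its wire-format key type and size."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = fields[0], base64.b64decode(fields[1])
    wire_type, off = _read_string(blob, 0)
    wire_type = wire_type.decode("ascii")
    if wire_type != declared:
        raise ValueError(f"declared type {declared} != wire type {wire_type}")
    info = {"key_type": wire_type}
    if wire_type == "ssh-rsa":
        _e, off = _read_string(blob, off)        # public exponent
        n, off = _read_string(blob, off)         # modulus
        info["bits"] = int.from_bytes(n, "big").bit_length()
    elif wire_type == "ssh-ed25519":
        point, off = _read_string(blob, off)     # 32-byte public point
        info["bits"] = len(point) * 8
    elif wire_type.startswith("ecdsa-sha2-"):
        curve, off = _read_string(blob, off)     # e.g. b"nistp256"
        _point, off = _read_string(blob, off)
        info["bits"] = int(curve.decode("ascii")[-3:])
    else:
        raise ValueError(f"unsupported key type {wire_type}")
    if off != len(blob):
        raise ValueError("trailing data after public key")
    return info


def assess(line, server_negotiates_sha2):
    """Will this key authenticate from an OpenSSH 8.8+ client with default settings?"""
    info = parse_public_key(line)
    policy = SIGNATURE_POLICY[info["key_type"]]
    if info["key_type"] == "ssh-rsa":
        works = server_negotiates_sha2
        reason = ("server negotiates rsa-sha2-* signatures" if works
                  else "server accepts only SHA-1 (ssh-rsa) signatures, which the client no longer offers")
    else:
        works = True
        reason = "key type has a single SHA-2 based signature scheme"
    return {**info, "accepted": policy["accepted"],
            "disabled_by_default": policy["disabled_by_default"],
            "works_by_default": works, "reason": reason}


# Constructed test vectors, NOT real keys: a 2048-bit modulus pattern and a
# 32-byte ed25519 point filled with a constant.
CONSTRUCTED_RSA = "ssh-rsa " + base64.b64encode(
    _encode_string(b"ssh-rsa") + _encode_mpint(65537) + _encode_mpint((1 << 2047) | 1)
).decode() + " constructed@example"
CONSTRUCTED_ED25519 = "ssh-ed25519 " + base64.b64encode(
    _encode_string(b"ssh-ed25519") + _encode_string(b"\x42" * 32)
).decode() + " constructed@example"

if __name__ == "__main__":
    # server_negotiates_sha2=False models a Gerrit older than the backport described above.
    for line in (CONSTRUCTED_RSA, CONSTRUCTED_ED25519):
        print(assess(line, server_negotiates_sha2=False))
```

With server_negotiates_sha2=False the RSA key is reported as a 2048-bit "ssh-rsa" key that will not authenticate by default, while the ed25519 key works regardless; flipping the flag to True (the Gerrit 3.5+/3.6 behaviour described above) makes the same RSA key usable without touching the key itself.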