Jean F. Martinelle (02-24-20, 08:32 PM)
I am looking into RFC 8832, where the RSA-based host algorithms
that use SHA-2 are defined. I find the following paragraph in that
document confusing:

"All aspects of the "ssh-rsa" format are kept, including the
encoded string "ssh-rsa". This allows existing RSA keys to be used with
the new public key algorithms, without requiring re-encoding or affecting
already trusted key fingerprints."

There are new identifiers for the RSA-based algorithms that use
SHA-2: "rsa-sha2-256" and "rsa-sha2-512". From this I gather that when a
client specifies preference for (say) "rsa-sha2-256", the server will
offer an RSA host key with a SHA-256 algorithm for digests. If the client
prefers "sha-rsa", I would have thought that the server would use an RSA
key and the SHA-1 algorithm.

My first assumption seems to be borne out by the second sentence
in the paragraph above. What is throwing me a bit off balance is the
"including the encoded string "ssh-rsa"" part of the first sentence.

I believe that, in essence, what the authors meant is that "ssh-
rsa" will be the same as before - i.e. RSA with SHA-1 - and that the RSA
key used for "ssh-rsa" can be used, without any changes to the key
itself, with "rsa-sha2-256" and "rsa-sha2-512".

Is this the correct interpretation?

Christian Weisgerber (02-24-20, 11:58 PM)
On 2020-02-24, Jean F. Martinelle <JFMart> wrote:

[RFC 8332]
> "All aspects of the "ssh-rsa" format are kept, including the
> encoded string "ssh-rsa". This allows existing RSA keys to be used with
> the new public key algorithms, without requiring re-encoding or affecting
> already trusted key fingerprints."


> I believe that, in essence, what the authors meant is that "ssh-
> rsa" will be the same as before - i.e. RSA with SHA-1 - and that the RSA
> key used for "ssh-rsa" can be used, without any changes to the key
> itself, with "rsa-sha2-256" and "rsa-sha2-512".


Yes.
It also means that references to a key proper, e.g. this entry from
my ~/.ssh/known_hosts, will remain unchanged.

sushi.unix-ag.uni-kl.de ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA126tYr4R3gmXSBeY8pt2gdAZxmNhnIUqRK9lxlaTxRfZxB9i5Q9Kc2m0IVOtcKcbGppX3cPC9mWmDA/desbB1guEDOLuc5emNn1K0bXMtFyUhD9W7EsHTF5mDyjDj9GuV7thWG91dQX+PXNPcer5KThMaI3qqYh70XEJveCUr/c=

This is still an "ssh-rsa" host key and can be used with any of
ssh-rsa, rsa-sha2-256, or rsa-sha2-512 as the host key algorithm.
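
The point made in the thread, as an added example that is not part of either post: this Python sketch decodes the key blob from the known_hosts entry above (whitespace inside the base64 field removed), shows that the encoded string inside the blob is "ssh-rsa", and shows that the fingerprint is the same whichever RSA signature algorithm is negotiated. The function names and the `SIG_HASH` table are assumptions made for illustration.

```python
import base64, hashlib, struct

# Key blob from the known_hosts entry quoted in the thread (base64 field only).
BLOB_B64 = (
    "AAAAB3NzaC1yc2EAAAABIwAAAIEA126tYr4R3gmXSBeY8pt2gd"
    "AZxmNhnIUqRK9lxlaTxRfZxB9i5Q9Kc2m0IVOtcKcbGppX3cPC"
    "9mWmDA/desbB1guEDOLuc5emNn1K0bXMtFyUhD9W7EsHTF5mDyjDj9GuV"
    "7thWG91dQX+PXNPcer5KThMaI3qqYh70XEJveCUr/c="
)

# Signature algorithm name -> hash used for the RSA signature (RFC 4253, RFC 8332).
SIG_HASH = {"ssh-rsa": "sha1", "rsa-sha2-256": "sha256", "rsa-sha2-512": "sha512"}

def read_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def parse_rsa_blob(blob_b64):
    """Decode a public key blob: string key-type, mpint e, mpint n."""
    blob = base64.b64decode(blob_b64, validate=True)
    key_type, off = read_string(blob, 0)
    e, off = read_string(blob, off)
    n, off = read_string(blob, off)
    if key_type != b"ssh-rsa" or off != len(blob):
        raise ValueError("not a well-formed ssh-rsa key blob")
    # The fingerprint hashes the blob only; no signature algorithm name is involved.
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"key_type": key_type.decode(), "e": int.from_bytes(e, "big"),
            "bits": int.from_bytes(n, "big").bit_length(), "fingerprint": "SHA256:" + fp}

def host_key_view(sig_alg, blob_b64=BLOB_B64):
    """Pinned data (blob, fingerprint) next to what the negotiated algorithm changes (hash)."""
    if sig_alg not in SIG_HASH:
        raise ValueError("not an RSA host key algorithm: " + sig_alg)
    return dict(parse_rsa_blob(blob_b64), sig_alg=sig_alg, sig_hash=SIG_HASH[sig_alg])

if __name__ == "__main__":
    for alg in SIG_HASH:
        print(host_key_view(alg))
```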