SSH from RHEL 9 to RHEL 6 systems or 3rd party application services does not work due to SHA1 being disabled
Environment
- Source system
  - Red Hat Enterprise Linux 9
  - DEFAULT crypto policy (or more strict)
- Target system
  - Red Hat Enterprise Linux 6
    - openssh-server-5.3p1-124.el6_10.x86_64
  or
  - 3rd party application/services
    - Example: GitBlit as of Dec. 21, 2023
Issue
- Trying to open an SSH session from a Red Hat Enterprise Linux 9 (RHEL 9) client to a Red Hat Enterprise Linux 6 (RHEL 6) OpenSSH server fails with one of the following error messages:
ssh_dispatch_run_fatal: Connection to 1.2.3.4 port 22: error in libcrypto
or
Unable to negotiate with 1.2.3.4 port 22: no matching host key type found. Their offer: ssh-rsa
- I use a 3rd party application service that does not provide strong algorithms but only SHA1-based ones, for example the 3rd party application GitBlit.
Resolution
RHEL 6 has reached End of Life phase
Red Hat strongly recommends upgrading all RHEL 6 systems to a more recent version of Red Hat Enterprise Linux, also to benefit from the support for SHA2 signatures with RSA keys. Please review the Red Hat Enterprise Linux Life Cycle for full details regarding the current life cycle status of all actively supported RHEL releases.
In the event an upgrade is not feasible, even though standard support is no longer available, there are at least four alternatives by which SSH sessions can still be established from RHEL 9 systems.
Solution 1 (preferred) - On target system/service, use the ECDSA algorithm instead of RSA to create the host key
For RHEL 6, the procedure is described in How to use ECDSA and ECDH with openssh on Red Hat Enterprise Linux 6?.
For 3rd party applications such as GitBlit, as of Dec. 21, 2023, the solution is not applicable.
Solution 2 - On the source system, activate the SHA1 crypto-policy on top of the DEFAULT policy
# update-crypto-policies --set DEFAULT:SHA1
Alternatively, you can switch the system-wide crypto policies to the LEGACY policy.
The LEGACY crypto-policy also re-enables the SHA1 algorithm, among other algorithms that are no longer recommended, and it does so system-wide for every application that follows the crypto policies.
This option is not recommended by Red Hat and should only be used as a workaround in cases where the RHEL 6 configuration cannot be changed.
Solution 3 - On the source system, craft a specific OpenSSH and OpenSSL configuration to be used on-demand
This is similar to the runcp wrapper (Solution 4), but it doesn't require the unsupported package, hence it is supported by Red Hat Support to some extent. The advantage over Solution 2 is that SHA1 is only re-enabled for the hosts listed in the Match block, not for the whole system.
- First enable SHA1 on the RHEL 9 system:
# update-crypto-policies --set DEFAULT:SHA1
- Copy the resulting opensslcnf and openssh back-end configuration files:
# cp /etc/crypto-policies/back-ends/opensslcnf.config /etc/crypto-policies/back-ends/opensslcnf+sha1-KCS6816771.config
# cp /etc/crypto-policies/back-ends/openssh.config /etc/crypto-policies/back-ends/openssh+sha1-KCS6816771.config
- Switch the system back to DEFAULT:
# update-crypto-policies --set DEFAULT
- Copy the openssl configuration file and edit it to use the new opensslcnf configuration:
# sed "s#opensslcnf.config#opensslcnf+sha1-KCS6816771.config#" /etc/ssl/openssl.cnf > /etc/ssl/openssl+sha1-KCS6816771.cnf
- Create a system-wide ssh configuration file matching the host, which loads the specific openssh configuration file (Match host takes a comma-separated list of patterns):
# vim /etc/ssh/ssh_config.d/10-sha1-KCS6816771.conf
... editor opens ...
# Example for a legacy system running RHEL6 and accessed through name or IP address 1.2.3.4
Match host my-rhel6-system,1.2.3.4
    Include /etc/crypto-policies/back-ends/openssh+sha1-KCS6816771.config
# Example for 3rd party application service GitBlit
Match host <gitblit-identifier>
    Hostname <gitblit-system>
    Port <gitblit-port>
    Include /etc/crypto-policies/back-ends/openssh+sha1-KCS6816771.config
- Finally, whenever connecting to the target system or service, set the OPENSSL_CONF variable in the environment:
$ OPENSSL_CONF=/etc/ssl/openssl+sha1-KCS6816771.cnf ssh my-rhel6-system
Example for 3rd party application service GitBlit when using git:
$ export OPENSSL_CONF=/etc/ssl/openssl+sha1-KCS6816771.cnf
$ git clone ssh://<gitblit-identifier>/path/to/my/git
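The point of Solution 3 is that ssh-rsa is offered only to the hosts named in the Match block. The following script is an added example, not part of the Red Hat article, that checks this scoping by parsing the effective client configuration printed by `ssh -G HOST`; the function names and the sample outputs are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the Red Hat article): verify that the SHA1
# exception from Solution 3 is scoped to the legacy hosts only, by
# parsing the effective client configuration that `ssh -G HOST` prints.
# Function names and the sample outputs below are constructed for this
# example; the file names match the KCS6816771 suffix used above.

# offers_alg CONFIG_TEXT KEYWORD ALG
# Succeeds (exit 0) when the comma-separated value of KEYWORD in
# CONFIG_TEXT (e.g. "hostkeyalgorithms ssh-ed25519,...,ssh-rsa") contains ALG.
offers_alg() {
    printf '%s\n' "$1" | awk -v kw="$2" -v alg="$3" '
        $1 == kw {
            n = split($2, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == alg) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# sha1_hostkey_enabled CONFIG_TEXT
# The failing negotiation on this page is about the host key type, so the
# SHA1-based ssh-rsa entry in HostKeyAlgorithms is what the Match block must add.
sha1_hostkey_enabled() {
    offers_alg "$1" hostkeyalgorithms ssh-rsa
}

# scope_report HOST...: run `ssh -G` for each host and report whether the
# legacy exception is active there. Only the hosts listed in the Match
# block should print "ssh-rsa offered"; any other host indicates the
# exception leaked into the general configuration.
scope_report() {
    for h in "$@"; do
        if sha1_hostkey_enabled "$(ssh -G "$h")"; then
            echo "$h: ssh-rsa offered (SHA1 exception active)"
        else
            echo "$h: ssh-rsa not offered (DEFAULT policy in effect)"
        fi
    done
}

# Constructed samples standing in for `ssh -G` output on a RHEL 9 client:
# DEFAULT policy (no ssh-rsa) versus a host matched by the Solution 3 Include.
DEFAULT_SAMPLE='hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256'
LEGACY_SAMPLE='hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa'

# Usage: sh check-sha1-scope.sh my-rhel6-system some-modern-host
if [ $# -gt 0 ]; then scope_report "$@"; fi
```

Run it with the legacy host and one modern host as arguments; only the legacy host should report ssh-rsa as offered.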
Solution 4 - On the source system, install the runcp wrapper
Engineering delivers the runcp wrapper by courtesy as an unsupported package available at the following location:
- Install the package:
# dnf copr enable asosedkin/crypto-policies-extras
# dnf -y install crypto-policies-extras
- Wrap the command into the wrapper:
$ runcp LEGACY ssh my-rhel6-host <command>
Example for 3rd party application service GitBlit when using git:
$ runcp LEGACY git clone ssh://<gitblit-service>:<gitblit-port>/path/to/my/git
Note: LEGACY can also be replaced by DEFAULT:SHA1.
Root Cause
- The RHEL 6 OpenSSH implementation uses the ssh-rsa public key signature algorithm, which depends on SHA1. OpenSSH upstream has disabled RSA signatures using the SHA1 hash algorithm by default since OpenSSH release 8.8.
- In RHEL 9, SHA1 usage is restricted in the DEFAULT system-wide cryptographic policy. With the exception of HMAC usage, SHA1 is no longer allowed in the TLS, DTLS, SSH, IKEv2 and Kerberos protocols.
- Individual applications not controlled by crypto policies are also moving away from using SHA1 digests in RHEL 9.
- SHA-1 Deprecation in Red Hat Enterprise Linux 9
Diagnostic Steps
# ssh -v my-rhel6-system
debug1: kex: host key algorithm: ssh-rsa
...
ssh_dispatch_run_fatal: Connection to xxx port 22: error in libcrypto
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.