IETF-SSH archive


Experimental server for RSA SHA-2



I have set up a server where we can test support for RSA SHA-2.

You can connect to it at:

experiment.bitvise.com:10712

It is set up to test the new RSA SHA-2 signature methods - rsa-sha2-256 and rsa-sha2-512 - as currently defined here:

https://tools.ietf.org/html/draft-rsa-dsa-sha2-256-02

You can test support for these new algorithms for both host and user authentication.

To test host authentication, set the list of host key algorithms in your KEXINIT to "rsa-sha2-256" or "rsa-sha2-512". You will need at least one of these for successful key exchange - the server doesn't offer anything else.

To test user authentication, log into the account "test" using "rsa-sha2-256" or "rsa-sha2-512" as the signature method. You will need to use the following 2048-bit RSA private key for the server to accept the public key:



denis bider <ietf-ssh3%denisbider.com@localhost> , 11/8/2015 2:36 AM:
I can make available an experimental build of our SSH Server that will implement these algorithms.

Might need to give me a few hours.


denis bider <ietf-ssh3%denisbider.com@localhost> , 11/8/2015 2:24 AM:
The "ecdsa-sha2-..." algorithm names (RFC 5656) do not use the "ssh-" prefix.

Neither do the new formats in RFC 6187, i.e. "x509v3-rsa2048-sha256" and "x509v3-ecdsa-sha2-...".

In my opinion, the "ssh-" prefix is superfluous. The context of SSH is implied by where the names are used.

The prefix would make sense if it were needed to disambiguate from something. However, I am not aware of any proposal for SSH to do a wholesale import of algorithm names from some other, SSH-unaware spec. Moreover, if such names were imported, then THOSE names would be prefixed with something, not the SSH native algorithm names.

I think the use of "ssh-" prefixes for all kinds of names was a (small) mistake in the original design. I think we can safely migrate away from it.

Therefore, I have specified no "ssh-" prefix for these algorithms.


Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> , 11/8/2015 2:23 AM:
denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>(1) I have uploaded a new version of the RSA SHA-2 draft:
>
>https://tools.ietf.org/html/draft-rsa-dsa-sha2-256-02

Has anyone else implemented this?  I've dropped in some quick partial support
for it, and I can't see why it wouldn't work transparently to replace the
existing form, but being able to test against someone else would be good.

Hmm, just saw an issue, I used "ssh-rsa-sha2..." instead of rsa-..., should
the new names also have the "ssh-" prefix to match existing usage?  As I see
it the name has to identify the format used, "ssh-", and the signature
algorithm, "rsa-sha...", having just the latter makes it difficult to specify
other signature formats.

Peter.
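
Added example, not part of any message in this thread and not code from Bitvise or any implementation discussed here: a Python sketch of the host-authentication test described in the first message. It builds and parses SSH_MSG_KEXINIT payloads (RFC 4253, section 7.1) and shows why a client that lists only "ssh-rsa" cannot complete key exchange with a server offering only the rsa-sha2 names. The function names and sample payloads are constructed for illustration, and the negotiation ignores the extra requirements RFC 4253 ties to the chosen key exchange method.

```python
import os

SSH_MSG_KEXINIT = 20
# The ten name-list fields of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)

def build_kexinit(lists):
    """Serialize a KEXINIT payload; `lists` maps field name -> list of names."""
    out = bytes([SSH_MSG_KEXINIT]) + os.urandom(16)  # message type + random cookie
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += len(names).to_bytes(4, "big") + names  # name-list: uint32 length + names
    return out + bytes(5)  # first_kex_packet_follows = FALSE, reserved uint32 = 0

def parse_kexinit(payload):
    """Parse a KEXINIT payload into {field: [names]}, rejecting malformed input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, result = 17, {}
    for field in FIELDS:
        length = int.from_bytes(payload[pos:pos + 4], "big")
        end = pos + 4 + length
        if end > len(payload):
            raise ValueError("truncated name-list: " + field)
        raw = payload[pos + 4:end].decode("ascii")
        result[field] = raw.split(",") if raw else []
        pos = end
    if len(payload) - pos != 5:
        raise ValueError("expected 5 trailing bytes after the name-lists")
    return result

def negotiate_host_key(client_payload, server_payload):
    """First name on the client's list that the server also offers, else None."""
    # Simplification (assumption): the per-kex-method requirements are not checked.
    client = parse_kexinit(client_payload)["server_host_key_algorithms"]
    server = parse_kexinit(server_payload)["server_host_key_algorithms"]
    return next((name for name in client if name in server), None)

# Constructed samples: a server offering only the two new names, and two clients.
SERVER = build_kexinit({"server_host_key_algorithms": ["rsa-sha2-256", "rsa-sha2-512"]})
LEGACY_CLIENT = build_kexinit({"server_host_key_algorithms": ["ssh-rsa"]})
NEW_CLIENT = build_kexinit({"server_host_key_algorithms": ["rsa-sha2-512", "ssh-rsa"]})
```

A `None` result from `negotiate_host_key` corresponds to the failed key exchange the first message warns about when neither new name is in the client's list.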

