[cosmic regression] fails to parse known_hosts, resulting in SSH_SERVER_FOUND_OTHER error for hostkey verification
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libssh (Ubuntu) | Fix Released | Undecided | Martin Pitt |
Cosmic | Fix Released | Undecided | Martin Pitt |
Bug Description
Ubuntu 18.10's libssh 0.8.1 regresses parsing of known_hosts. This happens (sometimes) if there are multiple known_hosts key types (e.g. ssh-rsa and ssh-ed25519), then it can happen that ssh_session_
I noticed this while testing Cockpit on Ubuntu 18.10 [2], which has a few test cases exercising cockpit-ssh (which uses libssh), e.g. [3]. The scenario is a FreeIPA centrally managed known_hosts file with these entries:
x0.cockpit.lan ssh-rsa AAAAB3NzaC1yc2E
x0.cockpit.lan ecdsa-sha2-nistp256 AAAAE2VjZHNhLXN
x0.cockpit.lan ssh-ed25519 AAAAC3NzaC1lZDI
Connecting to that host with the standard ssh client works:
$ ssh -vv x0.cockpit.lan
[...]
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:
debug1: Host 'x0.cockpit.lan' is known and matches the ECDSA host key.
debug1: Found key in /var/lib/
[...]
<email address hidden>@x0:~$
But not with cockpit-ssh. This shows the JSON protocol (note that you need to copy&paste the correct cookie value from the response):
$ G_MESSAGES_
{ "command": "open", "channel": "c", "payload": "echo", "host": "x0.cockpit.lan", "user": "<email address hidden>" }
---
{"command"
---
{"command"
---
(cockpit-
(cockpit-
(cockpit-
cockpit-
{"command"
---
The "host key for this server changed key type" is the effect of this bug.
SRU INFORMATION:
[IMPACT]: libssh connections that worked in previous Ubuntu releases now may fail on host key verification
[TEST CASE]: See reproducer below. This isn't too easy to reproduce for someone else, so I'm happy to do the validation myself. This can also be verified with the Cockpit integration tests:
bots/
TEST_
[REGRESSION POTENTIAL]: In principle these patches could break known_hosts validation further. However, these fixes have been in Debian testing for a while and validated through e.g. Cockpit's tests (which exercise cockpit-ssh quite heavily). There are also upstream unit tests, and while they didn't pick up that particular regression, they at least make sure that known_hosts verification still works for common cases.
Also, libssh-4 does not have that many reverse dependencies. So overall, I think this is bearable for an SRU, especially as the impact is quite high.
[1] http://
[2] https:/
[3] https:/
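The host-key decision that the known_hosts listing and the "changed key type" error in the description above turn on, written out as an added Python example (not libssh's or cockpit-ssh's code): a small known_hosts parser plus a checker that looks at every entry for the host before deciding between "known", "changed", "found with another key type" and "unknown". The sample file, its fake keys, the hashed-host salt and the naive `check_host_key_first_entry_only` variant are all constructed for the example and say nothing about how libssh itself is implemented; the hashed-host format `|1|salt|HMAC-SHA1` and the `@revoked` / `@cert-authority` markers are OpenSSH's.

```python
import base64
import hashlib
import hmac
from enum import Enum


class HostKeyResult(Enum):
    """Outcome of checking a server host key against known_hosts."""
    KNOWN_OK = "host known and key matches"
    KNOWN_CHANGED = "host known, key of this type differs (possible MITM)"
    FOUND_OTHER = "host known, but only with other key types"
    NOT_KNOWN = "host not in known_hosts"
    REVOKED = "key explicitly revoked"


def hash_host(host, salt):
    """Build an OpenSSH hashed host pattern: |1|<b64 salt>|<b64 HMAC-SHA1(salt, host)>."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def parse_known_hosts(text):
    """Parse known_hosts text into (host_patterns, key_type, key_b64, revoked) tuples.

    Comments and blank lines are skipped. '@cert-authority' lines are skipped too,
    because they call for certificate validation rather than key comparison.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        revoked = False
        if fields[0].startswith("@"):
            marker, fields = fields[0], fields[1:]
            if marker == "@cert-authority":
                continue
            revoked = marker == "@revoked"
        if len(fields) < 3:
            continue  # malformed line: ignore it rather than abort the client
        entries.append((fields[0].split(","), fields[1], fields[2], revoked))
    return entries


def _host_matches(pattern, host):
    """Match one host pattern: a plain name or an OpenSSH hashed host.

    Wildcards, '!' negation and '[host]:port' forms are not handled in this example.
    """
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return pattern == host


def check_host_key(entries, host, key_type, key_b64):
    """Classify a server key against ALL entries for the host.

    A host listed with ssh-rsa, ecdsa-sha2-nistp256 and ssh-ed25519 keys is
    KNOWN_OK for any of the three; FOUND_OTHER is only returned when no entry
    of the offered key type exists for the host at all.
    """
    same_type, other_types = [], set()
    for hosts, etype, ekey, revoked in entries:
        if not any(_host_matches(p, host) for p in hosts):
            continue
        if etype == key_type:
            same_type.append((ekey, revoked))
        else:
            other_types.add(etype)
    for ekey, revoked in same_type:
        if hmac.compare_digest(ekey.encode(), key_b64.encode()):
            return HostKeyResult.REVOKED if revoked else HostKeyResult.KNOWN_OK
    if same_type:
        return HostKeyResult.KNOWN_CHANGED
    if other_types:
        return HostKeyResult.FOUND_OTHER
    return HostKeyResult.NOT_KNOWN


def check_host_key_first_entry_only(entries, host, key_type, key_b64):
    """Hypothetical naive checker that decides on the first entry for the host.

    Constructed for illustration only (not libssh's code): it shows how a
    spurious FOUND_OTHER arises when the entry for the offered key type is
    not the first one listed for the host.
    """
    for hosts, etype, ekey, _revoked in entries:
        if any(_host_matches(p, host) for p in hosts):
            if etype != key_type:
                return HostKeyResult.FOUND_OTHER
            return HostKeyResult.KNOWN_OK if ekey == key_b64 else HostKeyResult.KNOWN_CHANGED
    return HostKeyResult.NOT_KNOWN


# Constructed sample file: the three entry types from the report with fake keys,
# a hashed-host entry (fixed salt so the example is reproducible) and a revoked key.
SAMPLE_KNOWN_HOSTS = """\
# constructed sample, not a real FreeIPA-managed file
x0.cockpit.lan ssh-rsa AAAAB3NzaC1yc2EfakeRSA
x0.cockpit.lan ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNfakeECDSA
x0.cockpit.lan ssh-ed25519 AAAAC3NzaC1lZDIfakeED25519
%s ssh-ed25519 AAAAC3NzaC1lZDIfakeHashedHost
@revoked x1.cockpit.lan ssh-rsa AAAAB3NzaC1yc2EoldCompromisedKey
""" % hash_host("hashed.cockpit.lan", b"0123456789abcdefghij")

ENTRIES = parse_known_hosts(SAMPLE_KNOWN_HOSTS)

if __name__ == "__main__":
    # The ECDSA key is the second entry for x0: the full check accepts it,
    # the naive checker reports FOUND_OTHER because the first entry is ssh-rsa.
    args = ("x0.cockpit.lan", "ecdsa-sha2-nistp256", "AAAAE2VjZHNhLXNfakeECDSA")
    print("full:", check_host_key(ENTRIES, *args).name,
          "naive:", check_host_key_first_entry_only(ENTRIES, *args).name)
```

The key comparison uses `hmac.compare_digest` so that a timing side channel cannot leak how much of a stored key an attacker-controlled server key shares; the revoked check runs before the "changed" decision so that a client never falls through to the interactive "accept new key?" path for a key an administrator has explicitly banned.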
This works fine with the latest libssh 0.8.4. When building the Debian unstable package for 18.10, it works fine:
$ G_MESSAGES_DEBUG=cockpit-ssh cockpit-bridge --interact=---
{ "command": "open", "channel": "c", "payload": "echo", "host": "x0.cockpit.lan", "user": "<email address hidden>" }
---
{"command":"authorize","challenge":"*","cookie":"session109311540371777"}
---
{"command":"authorize", "response": "password foobarfoo", "cookie":"session109311540371777"}
---
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:06.880: cockpit-ssh x0.cockpit.lan: host not known in any local file, asking sssd
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.165: cockpit-ssh x0.cockpit.lan: using known hosts file /tmp/known-hosts.KIBHRZ
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.248: cockpit-ssh x0.cockpit.lan: connected
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.249: cockpit-ssh x0.cockpit.lan: verified host key
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.278: cockpit-ssh x0.cockpit.lan: agent auth failed
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.282: cockpit-ssh x0.cockpit.lan: Got prompt Password: prompt
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.995: cockpit-ssh x0.cockpit.lan: Couldn't set COCKPIT_REMOTE_PEER: Channel request env failed
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.995: cockpit-ssh x0.cockpit.lan: opened channel
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:08.071: cockpit-ssh x0.cockpit.lan: queued 162 bytes
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:08.071: cockpit-ssh x0.cockpit.lan: wrote 162 bytes
{"command":"ready","channel":"c"}
---
I bisected this to this upstream fix: https://git.libssh.org/projects/libssh.git/commit/?id=45058285fca549876449afef2c32833b24817e77 . I'll prepare an SRU.
There are also a few other known_hosts fixes which should get included:
https://git.libssh.org/projects/libssh.git/commit/?id=35a64554899f142a2b8b68c79007ad9c3ce00cb1
https://git.libssh.org/projects/libssh.git/commit/?id=c1a8c41c5daf79e37aa5fde67dd94c8596e81102
https://git.libssh.org/projects/libssh.git/commit/?id=893b69d82b4435973ec4d15aaecdf352f5f827e2