Wind River Support Network

Fixed

LIN6-11523 : CLONE - wrlinux 5 - openSSH multiple ECDSA keys

Created: Jul 13, 2016    Updated: Dec 3, 2018
Resolved Date: Jul 29, 2016
Found In Version: 6.0
Fix Version: 6.0.0.31
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

OpenSSH allows creating multiple ECDSA keys (the ECDSA implementation supports 3 different ECDSA key lengths, which are not compatible with each other).

OpenSSH then offers the 3 keys to the client, but in practice the client can use only one of those keys.

Steps to Reproduce

1. Configure a wrlinux 5 RCPL35 project based on any BSP, with standard kernel/filesystem.

2. On the server side, we create keys with the following commands:
/usr/bin/ssh-keygen -t ecdsa -b 256 -f /etc/ssh/ssh_host_ecdsa_256_key
/usr/bin/ssh-keygen -t ecdsa -b 384 -f /etc/ssh/ssh_host_ecdsa_384_key
/usr/bin/ssh-keygen -t ecdsa -b 521 -f /etc/ssh/ssh_host_ecdsa_521_key

Then we add the following entries in /etc/ssh/sshd_config:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_256_key
HostKey /etc/ssh/ssh_host_ecdsa_384_key
HostKey /etc/ssh/ssh_host_ecdsa_521_key

Then, on the client, in /etc/ssh/ssh_config:
HostKeyAlgorithms ecdsa-sha2-nistp384

When connecting from the client to the server with the ssh command, the server should offer the ecdsa_384 key during negotiation, but it offers the ecdsa_256 key instead (probably the first from the HostKey list).
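
The mismatch in the steps above can be modelled offline. This is an added example, not Wind River or OpenSSH code. It applies the RFC 4253 section 7.1 rule for choosing the host key algorithm, then compares an exact-name key lookup with a lookup by key family. The family lookup is an assumption that mirrors the report's guess ("first from HostKey list"), and the key inventory is constructed from the HostKey lines above.

```python
# Added example: a model of SSH host key selection, not OpenSSH source code.

# Constructed inventory mirroring the HostKey lines in the report, in file order:
# (key file, host key algorithm name of that key).
HOST_KEYS = [
    ("/etc/ssh/ssh_host_rsa_key", "ssh-rsa"),
    ("/etc/ssh/ssh_host_ecdsa_256_key", "ecdsa-sha2-nistp256"),
    ("/etc/ssh/ssh_host_ecdsa_384_key", "ecdsa-sha2-nistp384"),
    ("/etc/ssh/ssh_host_ecdsa_521_key", "ecdsa-sha2-nistp521"),
]

def negotiate(client_algs, server_algs):
    """RFC 4253 section 7.1: the first algorithm on the client's list that the
    server also supports is chosen. Returns None when there is no overlap."""
    for alg in client_algs:
        if alg in server_algs:
            return alg
    return None

def family(alg):
    """Collapse the three ECDSA curve names into one family (hypothetical helper)."""
    return "ecdsa" if alg.startswith("ecdsa-sha2-") else alg

def pick_by_family(host_keys, alg):
    """Assumed faulty lookup: first configured key of the same family, curve ignored."""
    for path, key_alg in host_keys:
        if family(key_alg) == family(alg):
            return path, key_alg
    return None

def pick_exact(host_keys, alg):
    """Expected lookup: the key whose algorithm name equals the negotiated one."""
    for path, key_alg in host_keys:
        if key_alg == alg:
            return path, key_alg
    return None

def check(client_algs, host_keys, picker):
    """Negotiate, select a key with `picker`, and report whether the selected
    key really is of the negotiated algorithm."""
    alg = negotiate(client_algs, [a for _, a in host_keys])
    chosen = picker(host_keys, alg) if alg else None
    return {"negotiated": alg, "key": chosen,
            "consistent": chosen is not None and chosen[1] == alg}

if __name__ == "__main__":
    client = ["ecdsa-sha2-nistp384"]  # HostKeyAlgorithms from the client config above
    for picker in (pick_by_family, pick_exact):
        print(picker.__name__, check(client, HOST_KEYS, picker))
```
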
