GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. zhenech (zhenech@chaos.social)'s status on Friday, 25-Apr-2025 22:00:41 JST

    Today in FUCKING FIPS LAND:

    ```
    $ ssh-keyscan ippai.die-welt.net
    # ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
    kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode
    # ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
    kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode
    # ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
    kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode
    ```

    • silverwizard (silverwizard@convenient.email)'s status on Friday, 25-Apr-2025 22:00:32 JST
      in reply to
      • Clemens

      @zhenech @neverpanic if you -vvv can you see the kex happen and fail but the wrapper still says (private key) since it just got that path and failed?

      However, this needs updates! FIPS approved 25519 two years ago (which I know is 10 years in the future in FIPS time)

    • zhenech (zhenech@chaos.social)'s status on Friday, 25-Apr-2025 22:00:33 JST
      in reply to
      • Clemens

      @neverpanic But why does `ssh` manage to work, while `ssh-keyscan` does not?

      When I do `ssh -v ippai.die-welt.net` from an EL9-FIPS box, I see
      ```
      debug1: kex: algorithm: ecdh-sha2-nistp256
      debug1: kex: host key algorithm: ecdsa-sha2-nistp256
      ```

      While in `ssh-keyscan -v` I only see c25519, and that's forbidden.

    • Clemens (neverpanic@chaos.social)'s status on Friday, 25-Apr-2025 22:00:35 JST

      @zhenech Seems pretty clear to me: You can't KEX with x25519. You can KEX with ECDH over secp256r1. The host key is ECDSA using secp256r1.

      x25519 kex isn't allowed in FIPS. ECDH over secp256r1 is. Host key signatures using secp256r1 are also OK, signatures using ed25519 only recently and your implementation may not have caught up with that yet.

    • zhenech (zhenech@chaos.social)'s status on Friday, 25-Apr-2025 22:00:37 JST

      WHAT IS IT NOW?!

      CAN YOU KEX OR CAN YOU NOT KEX?!

      THIS IS THE FUCKING QUESTION HERE!

    • zhenech (zhenech@chaos.social)'s status on Friday, 25-Apr-2025 22:00:38 JST

      ```
      $ cat .ssh/known_hosts
      ippai.die-welt.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIBUsKAIaR020Tom56jb/4RSSNTEeH+lKZowCE3r0kjvcONHTv99RimO1V7ke+JAHVBLlHM3R1PjwHfOmzf9CP4=
      ```

    • zhenech (zhenech@chaos.social)'s status on Friday, 25-Apr-2025 22:00:40 JST

      ```
      $ ssh ippai.die-welt.net
      The authenticity of host 'ippai.die-welt.net (188.68.51.252)' can't be established.
      ECDSA key fingerprint is SHA256:V0iohQpWv4KNHI1TXMy/RPcMSc6m0P3id7LpQKLvm9o.
      This key is not known by any other names
      Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
      Warning: Permanently added 'ippai.die-welt.net' (ECDSA) to the list of known hosts.
      user@ippai.die-welt.net: Permission denied (publickey).
      ```

    • silverwizard (silverwizard@convenient.email)'s status on Friday, 25-Apr-2025 22:15:27 JST
      in reply to
      • Clemens
      @zhenech @neverpanic wait - it's just reading it as ECDSA! What?
    • zhenech (zhenech@chaos.social)'s status on Friday, 25-Apr-2025 22:15:29 JST
      in reply to
      • silverwizard
      • Clemens

      @silverwizard @neverpanic https://paste.debian.net/hidden/6706dce1/ looks like yes? Also, if I deploy a key, it allows me to log in :)

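Added example, not part of the thread and not any poster's code: decoding the `known_hosts` entry quoted above shows what the client actually stored (an ECDSA key on nistp256) and recomputes its OpenSSH-style SHA256 fingerprint so it can be compared with the one in the `ssh` prompt. The function and field names are made up for this illustration; the key line and the prompt fingerprint are copied from the posts.

```python
import base64
import hashlib
import struct

# Copied from the posts above: the stored known_hosts entry and the
# fingerprint ssh displayed at the first-connection prompt.
KNOWN_HOSTS_LINE = (
    "ippai.die-welt.net ecdsa-sha2-nistp256 "
    "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIBUsKAIaR020Tom56"
    "jb/4RSSNTEeH+lKZowCE3r0kjvcONHTv99RimO1V7ke+JAHVBLlHM3R1PjwHfOmzf9CP4="
)
PROMPT_FINGERPRINT = "SHA256:V0iohQpWv4KNHI1TXMy/RPcMSc6m0P3id7LpQKLvm9o"


def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("string runs past the end of the blob")
    return blob[offset + 4:end], end


def inspect_ecdsa_entry(line):
    """Decode a plain 'host keytype base64' known_hosts entry (hypothetical helper)."""
    host, declared_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    key_type, off = read_string(blob, 0)
    if key_type.decode("ascii") != declared_type:
        raise ValueError("key type inside the blob differs from the text field")
    if not declared_type.startswith("ecdsa-sha2-"):
        raise ValueError("this sketch only decodes ECDSA blobs")
    curve, off = read_string(blob, off)
    point, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("unexpected trailing bytes")
    # OpenSSH fingerprint: SHA-256 over the raw blob, base64 without padding.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"host": host, "key_type": declared_type,
            "curve": curve.decode("ascii"), "point_len": len(point),
            "uncompressed": point[:1] == b"\x04", "fingerprint": fingerprint,
            "matches_prompt": fingerprint == PROMPT_FINGERPRINT}


if __name__ == "__main__":
    for name, value in inspect_ecdsa_entry(KNOWN_HOSTS_LINE).items():
        print(f"{name}: {value}")
```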

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.