Re: IOS SSH Configuration for PKI login, Putty still wants to use ssh-rsa not x509v3-ssh-rsa

cwarren4101 · ‎03-17-2020

Good day everyone, to meet emerging requirements I am attempting to configure in a lab PKI login, via SSH, to Cisco IOS. I am using information from various Cisco sources but most are similar to the below. Test configuration is also below and PuttyCAC is configured to use a CAPI certificate but no matter what I do IOS and Putty will only agree on ssh-rsa. I know using Radius is unusual, however it has broader support across platforms than TACACS+

Configuring SSH with x509 authentication on IOS devices

https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/212178-Configuring-SSH-with-x509-authentication.html

aaa group server radius WINRADIUS
server name RADIUS

aaa authentication login local_access local enable
aaa authorization config-commands
aaa authorization exec WINRADIUS group radius local
aaa authorization network WINRADIUS group radius local
aaa authorization configuration WINRADIUS group radius

crypto pki trustpoint CA
enrollment mode ra
enrollment url http://xxx.xxx.xxx.xxx:80/CertSrv/mscep/mscep.dll
usage ssl-server
usage ssl-client
serial-number
fqdn IR01.xxx
ip-address xxx.xxx.xxx.xxx
subject-name cn=IR01.xxx
subject-alt-name IR01.xxx
revocation-check ocsp
source interface Vlan11
rsakeypair PKI 4096
authorization list WINRADIUS
authorization username subjectname commonname
hash sha256
!

ip ssh maxstartups 2
ip ssh time-out 60
ip ssh source-interface Vlan11
ip ssh rsa keypair-name PKI
ip ssh logging events
ip ssh version 2
ip ssh server certificate profile
ip ssh server algorithm mac hmac-sha1
ip ssh server algorithm encryption aes256-ctr
ip ssh server algorithm hostkey x509v3-ssh-rsa
ip ssh server algorithm authentication publickey keyboard
ip ssh server algorithm publickey x509v3-ssh-rsa

ip radius source-interface Vlan11

radius server RADIUS
address ipv4 xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813
key xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Anyone have any ideas please?

Cristian Matei · ‎03-18-2020

Hi,

Looks like the configuration is incomplete, you didn't mention which certificates to be used in the authentication process:

ip ssh server certificate profile

server

trustpoint sign CA

user

trustpoint verify CA

Also, i'm not sure how SSH-RSA works, if you didn't specify it:

ip ssh server algorithm hostkey x509v3-ssh-rsa ssh-rsa

ip ssh server algorithm publickey x509v3-ssh-rsa ssh-rsa

Have you also properly configure the SSH client? http://risacher.org/putty-cac/

Regards,

Cristian Matei

cwarren4101 · ‎03-18-2020

Apologies the following is present in the config.

ip ssh server certificate profile
server
trustpoint sign CA
ocsp-response include
user
trustpoint verify CA

The goal here is to use x509v3-ssh-rsa not ssh-rsa.

Unfortunately the URL you gave is out of date. The PuttyCAC code is now on GitHub. However most documentation has not been updated for this release.

https://github.com/NoMoreFood/putty-cac/releases

Cristian Matei · ‎03-19-2020

Hi,

I was saying that i don't understand how it negotiates ssh-rsa, since that option is not configured. Can you post the complete output of "show ip ssh" and while trying to connect, run the following debugs, and post the output here:

debug ip ssh detail
debug crypto pki transactions
debug crypto pki messages
debug crypto pki validation

Regards,

Cristian Matei.

cwarren4101 · ‎03-19-2020

Good day, sh ip ssh output is below. One issue here maybe is to get IOS to generate x509v3 SSH keys or to get them into IOS. But the procedures found so far require RSA keys to be generated on the device prior to requesting a certificate for said device.

sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive
Authentication Publickey Algorithms:x509v3-ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa
Encryption Algorithms:aes256-ctr
MAC Algorithms:hmac-sha1
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 60 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): PKI
ssh-rsa

Debug output.

Mar 19 19:48:39.189 CDT: %SSH-3-NO_MATCH: No matching hostkey algorithm found: client ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss server x509v3-ssh-rsa
Mar 19 19:48:39.189 CDT: %SSH-5-SSH2_SESSION: SSH2 Session request from xxx.xxx.xxx.xxx (tty = 0) using crypto cipher '', hmac '' Failed
Mar 19 19:48:39.189 CDT: %SSH-5-SSH2_CLOSE: SSH2 Session from xxx.xxx.xxx.xxx (tty = 0) for user '' using crypto cipher '', hmac '' closed
Mar 19 19:48:39.161 CDT: SSH0: starting SSH control process
Mar 19 19:48:39.161 CDT: SSH0: sent protocol version id SSH-2.0-Cisco-1.25
Mar 19 19:48:39.177 CDT: SSH0: protocol version id is - SSH-2.0-PuTTY_Release_0.73_1
Mar 19 19:48:39.177 CDT: SSH2 0: kexinit sent: kex algo = diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Mar 19 19:48:39.177 CDT: SSH2 0: kexinit sent: hostkey algo = x509v3-ssh-rsa
Mar 19 19:48:39.177 CDT: SSH2 0: kexinit sent: encryption algo = aes256-ctr
Mar 19 19:48:39.177 CDT: SSH2 0: kexinit sent: mac algo = hmac-sha1
Mar 19 19:48:39.177 CDT: SSH2 0: SSH2_MSG_KEXINIT sent
Mar 19 19:48:39.189 CDT: SSH2 0: SSH2_MSG_KEXINIT received
Mar 19 19:48:39.189 CDT: SSH2 0: kex: client->server enc:aes256-ctr mac:hmac-sha1
Mar 19 19:48:39.189 CDT: SSH2 0: kex: server->client enc:aes256-ctr mac:hmac-sha1
Mar 19 19:48:39.289 CDT: SSH0: Session disconnected - error 0x00

Cristian Matei · ‎03-28-2020

Hi,

I would try using a different SSH client, based on the below output, as the client does not seem to support x509v3-ssh-rsa so it seems to be closing the session (or it's misconfigured):

No matching hostkey algorithm found: client ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss server x509v3-ssh-rsa

I would also try upgrading the router, just to be sure, although it doesn't look like the router being the problem. Could you also completely delete the config and do it again, including the RSA key generation? Remove this command "ip ssh rsa keypair-name PKI" and regenerate the RSA keys, use a modulus length of 2048.

Regards,

Cristian Matei.

cwarren4101 · ‎03-31-2020

So the 891W router is running 159-3.M1 which is current for the device. SSH keys and the certificate are removed from the device (it was about to expire anyway.)

What type of RSA key should be generated please? IOS offers encryption, general-keys, signature, and usage-keys.

So far have tried PuttyCAC 0.71 and TectiaSSH, am working thru CentOS OpenSSH next after this.

Cristian Matei · ‎04-01-2020

Hi,

Use "general Keys" fo 2048 bit. Identify an SSH client (like Pragma Fortress) which has support for RFC6187. The fact that an SSH client supports public-key authentication (this can be done is several ways), it doesn't mean it supports RFC6187.

Regards,

Cristian Matei.

cwarren4101 · ‎04-01-2020

You would be correct regarding RFC6187 support in SSH. Digging around a little appears to show a "standards war" regarding the certificate format SSH should support. Wonderful. Need to think about this more now.

Cristian Matei · ‎04-01-2020

Hi,

Indeed, the RFC's are there, but implementations are rather scarce and non-consistent.

Regards,

Cristian Matei.