Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ssh/test: tests fail on RHEL9 ppc64le and x86 #65581

Closed
laboger opened this issue Feb 7, 2024 · 3 comments
Closed

x/crypto/ssh/test: tests fail on RHEL9 ppc64le and x86 #65581

laboger opened this issue Feb 7, 2024 · 3 comments
Labels
FixPending Issues that have a fix which has not yet been reviewed or submitted. FrozenDueToAge
Milestone
Unreleased

Comments

@laboger
Copy link
Contributor

laboger commented Feb 7, 2024

Go version

go version devel go1.23-f19f31f2e7 Fri Jan 19 22:38:49 2024 +0000 linux/ppc64le

Output of go env in your module/workspace:

go version
go version devel go1.23-f19f31f2e7 Fri Jan 19 22:38:49 2024 +0000 linux/ppc64le
[boger@ltcd97-lp6 test]$ go env
GO111MODULE=''
GOARCH='ppc64le'
GOBIN=''
GOCACHE='/home/boger/.cache/go-build'
GOENV='/home/boger/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='ppc64le'

What did you do?

When running tests in golang.org/x/crypto, I saw failures in ssh/test testcases as shown below. The failures happen on ppc64le and x86 when running on RHEL 9.3. They pass with the -short option on RHEL 9.3. They pass on RHEL8 and Ubuntu with or without the -short option.

What did you see happen?

--- FAIL: TestCertLogin (0.04s)
cert_test.go:70: TryDialWithAddr: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
test_unix_test.go:254: sshd: /tmp/sshtest993198346/sshd_config line 10: Deprecated option KeyRegenerationInterval
/tmp/sshtest993198346/sshd_config line 11: Deprecated option ServerKeyBits
/tmp/sshtest993198346/sshd_config line 17: Deprecated option RSAAuthentication
/tmp/sshtest993198346/sshd_config line 22: Deprecated option RhostsRSAAuthentication
main: sshd: ssh-dss is disabled, skipping key file /tmp/sshtest993198346/id_dsa
..... lots of output

--- FAIL: TestClientAuthAlgorithms (0.15s)
--- FAIL: TestClientAuthAlgorithms/rsa (0.04s)
session_test.go:443: failed for key "rsa"
test_unix_test.go:254: sshd: /tmp/sshtest216017125/sshd_config line 10: Deprecated option KeyRegenerationInterval
/tmp/sshtest216017125/sshd_config line 11: Deprecated option ServerKeyBits
/tmp/sshtest216017125/sshd_config line 17: Deprecated option RSAAuthentication
/tmp/sshtest216017125/sshd_config line 22: Deprecated option RhostsRSAAuthentication
main: sshd: ssh-dss is disabled, skipping key file /tmp/sshtest216017125/id_dsa
... lots of output

--- FAIL: TestClientAuthAlgorithms/dsa (0.04s)
    session_test.go:443: failed for key "dsa"
    test_unix_test.go:254: sshd: /tmp/sshtest1585037056/sshd_config line 10: Deprecated option KeyRegenerationInterval
        /tmp/sshtest1585037056/sshd_config line 11: Deprecated option ServerKeyBits
        /tmp/sshtest1585037056/sshd_config line 17: Deprecated option RSAAuthentication
        /tmp/sshtest1585037056/sshd_config line 22: Deprecated option RhostsRSAAuthentication
        main: sshd: ssh-dss is disabled, skipping key file /tmp/sshtest1585037056/id_dsa

... lots of output

This is mainly for your awareness. This is not necessarily a high priority issue for us.
I tried it on earlier Go versions and saw failures back to Go 1.20. I did not try anything earlier.

What did you expect to see?

PASS
@gopherbot gopherbot added this to the Unreleased milestone Feb 7, 2024
@ianlancetaylor
Copy link
Member

@golang/security

@rolandshoemaker
Copy link
Member

cc @drakkan

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/562755 mentions this issue: ssh/test: don't use DSA keys in integrations tests, update the test RSA key

@dr2chase dr2chase added the FixPending Issues that have a fix which has not yet been reviewed or submitted. label Feb 9, 2024
drakkan added a commit to drakkan/crypto that referenced this issue May 11, 2024
@drakkan
ssh/test: don't use DSA keys in integrations tests, update test RSA key
9992146 
on RHEL 9 OpenSSH does not support DSA keys and RSA keys with size less
than 2048 bits, furthermore signing with ssh-rsa (SHA-1 signatures) and
ssh-dss is not allowed, therefore:

1) replaced the 1024-bit RSA key used in the test with a new 2048-bit
   one
2) removed DSA key from itegration tests
3) allowed signature errors using ssh-rsa in agent integration tests, we
   also check SHA-2 variants that are not skipped

Fixes golang/go#65581

Change-Id: I54bf997b61ef4d91d38eb624275737ba7291bb20
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/562755
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
@golang golang locked and limited conversation to collaborators Feb 13, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FixPending Issues that have a fix which has not yet been reviewed or submitted. FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
5 participants
@dr2chase @ianlancetaylor @rolandshoemaker @gopherbot @laboger