
Teleport server certs are signed with ssh-rsa-cert-v01@openssh.com, which was deprecated in OpenSSH 8.2 #3742

Closed
sskousen opened this issue May 19, 2020 · 2 comments · Fixed by #3777
Labels: OpenSSH (For customers using Teleport and OpenSSH)

Comments

@sskousen

Description

Starting with OpenSSH 8.2, Teleport server certificates are no longer accepted as valid when the cluster CA has been added to ~/.ssh/known_hosts. Rolling back to 8.1 solves the issue. The OpenSSH 8.2 changelog (https://www.openssh.com/releasenotes.html) mentions that they have deprecated SHA-1 cert signing.

What happened:
OpenSSH does not accept the server's certificate as valid, and asks if you want to continue connecting.

What you expected to happen:
OpenSSH should validate the server certificate, trust the CA, and connect without user intervention.

How to reproduce it (as minimally and precisely as possible):

  • Add @cert-authority * ssh-rsa <...> type=host to ~/.ssh/known_hosts on Ubuntu 20.04 with OpenSSH 8.2.
  • Attempt to connect to a node within the cluster using the normal OpenSSH client.
  • The server certificate should be accepted, but isn't.

Environment

  • Teleport version (use teleport version): 4.2.9
  • Tsh version (use tsh version): 4.2.9
  • OS (e.g. from /etc/os-release): Ubuntu 20.04 (focal)

root@9c0397b1e1ea:~# ssh -v test-node1
OpenSSH_8.2p1 Ubuntu-4, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 8: Applying options for cluster1*
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to test-node1 [192.168.1.1] port 3022.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: certificate file /root/.tsh/keys/cluster1/user@cluster1-cert.pub type 4
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4
debug1: Remote protocol version 2.0, remote software version Teleport
debug1: no match: Teleport
debug1: Authenticating to test-node1:3022 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa-cert-v01@openssh.com
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host certificate: ssh-rsa-cert-v01@openssh.com SHA256:RYFwODfulkHn+2idMFDk0XyDs/wFDNuxoLBHMKrRUs0, serial 0 ID "" CA ssh-rsa SHA256:ftKXNjA4qUD9HuE9MsedDrvjJudXkS3Msg9QQiwpmQk valid after 2020-04-14T03:42:34
debug1: Host '[test-node1]:3022' is known and matches the RSA-CERT host certificate.
debug1: Found CA key in /root/.ssh/known_hosts:1
check_host_cert: certificate signature algorithm ssh-rsa: signature algorithm not supported
debug1: No matching CA found. Retry with plain key
debug1: checking without port identifier
The authenticity of host '[test-node1]:3022 ([192.168.1.1]:3022)' can't be established.
RSA key fingerprint is SHA256:RYFwODfulkHn+2idMFDk0XyDs/wFDNuxoLBHMKrRUs0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? 
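The failing line in the log above is `check_host_cert: certificate signature algorithm ssh-rsa: signature algorithm not supported`: the certificate's key type (`ssh-rsa-cert-v01@openssh.com`) is still fine, but the CA signed it with the `ssh-rsa` signature algorithm, which is RSA over SHA-1, and OpenSSH 8.2 stopped accepting that by default. The following is an added example, not Teleport or OpenSSH code, that parses the certificate wire format from OpenSSH's PROTOCOL.certkeys and reports which signature algorithm the CA used, so a defender can audit existing host certificates before upgrading clients. The key material, signature bytes and the `test-node1` principal are constructed dummies, and the code checks only the declared algorithm name, not whether the signature verifies.

```python
import base64
import struct

# Constructed for this example; not Teleport or OpenSSH code. Field layout
# follows PROTOCOL.certkeys for ssh-rsa-cert-v01@openssh.com; keys and
# signature bytes are dummies.

CERT_TYPE = b"ssh-rsa-cert-v01@openssh.com"
# As a *signature* algorithm, "ssh-rsa" means RSA/SHA-1, which OpenSSH 8.2+
# refuses by default. rsa-sha2-256 / rsa-sha2-512 use the same RSA key type.
SHA1_SIG_ALGS = {b"ssh-rsa"}
HOST_CERT = 2  # certificate "type" field: 1 = user, 2 = host


def _string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _mpint(n: int) -> bytes:
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw  # keep the value positive in two's complement
    return _string(raw)


class _Reader:
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def _take(self, n: int) -> bytes:
        chunk = self.data[self.pos:self.pos + n]
        if len(chunk) != n:
            raise ValueError("truncated certificate")
        self.pos += n
        return chunk

    def u32(self) -> int:
        return struct.unpack(">I", self._take(4))[0]

    def u64(self) -> int:
        return struct.unpack(">Q", self._take(8))[0]

    def string(self) -> bytes:
        return self._take(self.u32())


def build_rsa_host_cert(sig_alg: bytes, principal: bytes = b"test-node1") -> bytes:
    """Build a structurally valid (dummy-key, unverifiable) RSA host certificate."""
    ca_pubkey = _string(b"ssh-rsa") + _mpint(65537) + _mpint((1 << 2047) | 1)
    body = (
        _string(CERT_TYPE)
        + _string(b"\x00" * 32)                 # nonce
        + _mpint(65537)                         # e
        + _mpint((1 << 2047) | 3)               # n (dummy 2048-bit modulus)
        + struct.pack(">Q", 0)                  # serial
        + struct.pack(">I", HOST_CERT)          # type
        + _string(b"")                          # key id
        + _string(_string(principal))           # valid principals (nested strings)
        + struct.pack(">Q", 1586835754)         # valid after (2020-04-14T03:42:34Z)
        + struct.pack(">Q", (1 << 64) - 1)      # valid before (no expiry)
        + _string(b"")                          # critical options
        + _string(b"")                          # extensions
        + _string(b"")                          # reserved
        + _string(ca_pubkey)                    # signature key (the CA)
    )
    signature = _string(sig_alg) + _string(b"\xaa" * 256)  # dummy signature blob
    return body + _string(signature)


def cert_signature_algorithm(cert: bytes) -> bytes:
    """Return the signature algorithm name the CA used to sign this certificate."""
    r = _Reader(cert)
    if r.string() != CERT_TYPE:
        raise ValueError("not an ssh-rsa-cert-v01@openssh.com certificate")
    r.string(); r.string(); r.string()      # nonce, e, n
    r.u64(); r.u32()                        # serial, type
    r.string(); r.string()                  # key id, valid principals
    r.u64(); r.u64()                        # valid after / valid before
    r.string(); r.string(); r.string()      # critical options, extensions, reserved
    r.string()                              # signature key
    return _Reader(r.string()).string()     # first field of the signature blob


def accepted_by_openssh_82(cert: bytes) -> bool:
    """False when the CA signed with RSA/SHA-1, the case rejected in this issue."""
    return cert_signature_algorithm(cert) not in SHA1_SIG_ALGS


def cert_to_line(cert: bytes, comment: str = "") -> str:
    """Encode a certificate as the '<type> <base64> [comment]' line of a *-cert.pub file."""
    return f"{CERT_TYPE.decode()} {base64.b64encode(cert).decode()} {comment}".rstrip()


def check_cert_line(line: str) -> bool:
    """Check one *-cert.pub line; True if an OpenSSH 8.2+ client would accept it."""
    key_type, b64 = line.split()[:2]
    if key_type.encode() != CERT_TYPE:
        raise ValueError(f"unsupported key type {key_type}")
    return accepted_by_openssh_82(base64.b64decode(b64))


if __name__ == "__main__":
    for alg in (b"ssh-rsa", b"rsa-sha2-256", b"rsa-sha2-512"):
        ok = check_cert_line(cert_to_line(build_rsa_host_cert(alg)))
        print(alg.decode(), "->", "accepted" if ok else "REJECTED (RSA/SHA-1)")
```

Run against a real host certificate by passing the contents of its `-cert.pub` file to `check_cert_line`; the parser skips every field except the signature algorithm, so the key id, principals and validity window do not affect the result. A certificate that reports `ssh-rsa` here is exactly the case the `ssh -v` output above shows failing, and re-signing it with `rsa-sha2-512` (or an Ed25519 CA) is what makes it load on OpenSSH 8.2 and later.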
@awly
Contributor

awly commented May 20, 2020

Thanks for the report!
It's an upstream issue in the Go SSH libraries: golang/go#37278.
Our current plan is to wait for a fix to land there.

@awly awly added the OpenSSH For customers using Teleport and OpenSSH label May 20, 2020
@awly awly added this to the 4.3 "Oceanside" milestone May 27, 2020
@awly awly self-assigned this May 27, 2020
@awly
Contributor

awly commented Jun 25, 2020

Note: this will land in 4.3
