[Bug 2650] New: UpdateHostKeys ignores RSA keys if HostKeyAlgorithms=rsa-sha2-256

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Dec 24 08:58:39 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2650

            Bug ID: 2650
           Summary: UpdateHostKeys ignores RSA keys if
                    HostKeyAlgorithms=rsa-sha2-256
           Product: Portable OpenSSH
           Version: 7.4p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: aranea at aixah.de

The UpdateHostKeys feature is designed to only add host key
fingerprints to known_hosts if the corresponding signature algorithm is
allowed by the HostKeyAlgorithms setting (see client_input_hostkeys()
in clientloop.c).

However, for RSA keys it only checks HostKeyAlgorithms for the presence
of ssh-rsa. If HostKeyAlgorithms includes rsa-sha2-{256,512}, but not
ssh-rsa, RSA keys are ignored even though they could be used for
authentication.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list