[Bug 2547] New: ssh-ext-info: missing server signature algorithms

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Mar 3 09:54:57 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2547

            Bug ID: 2547
           Summary: ssh-ext-info: missing server signature algorithms
           Product: Portable OpenSSH
           Version: 7.2p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mb at smartftp.com

In the "server-sig-algs" extension the server sends to the client, sshd
only includes the rsa signature algorithms [1]:
    (r = sshpkt_put_cstring(ssh, "rsa-sha2-256,rsa-sha2-512")) != 0 ||

However, it should include all signature algorithms (including
ecdsa-sha2-*, ssh-ed25519, etc) it supports.

This is what the RFC [2] says:
    string      "server-sig-algs"

  This extension is sent by the server only, and contains a list of
  signature algorithms that the server is able to process as part of a
  "publickey" request.

You may have incorrectly assumed that there is only 1 signature
algorithm for the omitted public key algorithms. For example for ECDSA
private keys there are at least two known signature algorithms:
ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp256 (from rfc6187)

References:
[1] https://github.com/openssh/openssh-portable/blob/master/kex.c#L344
[2] https://tools.ietf.org/html/draft-ssh-ext-info-05#section-3.1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list