[Bug 2568] ssh fails to authenticate using RSA keys when agent does not support sha256/512 signatures

bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 23 20:10:14 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2568

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #13 from Jakub Jelen <jjelen at redhat.com> ---
This is just the tip of the iceberg. There are two issues with ssh-agent
and SHA2 signatures. The agent either

 * Does not support SHA2 and fails, which is sane behavior (usability
   concerns)
 * Does not support SHA2, but provides a SHA1 signature (silently) and it
   is accepted by both client and server, as I reported as bug #2799
   (security concerns)

There is an ssh-agent extension negotiation protocol, but the problem is
that it is not understood by most of the agents, so an implementation
would need to take care of these cases too.

More information about the openssh-bugs mailing list
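
The silent SHA1 fallback described in comment #13 can be caught on the client side by comparing the algorithm name at the front of the agent's signature blob with the one the sign request asked for. The sketch below is an added example, not code from the bug report or from OpenSSH; the function names are hypothetical, the flag values and algorithm names are those of the ssh-agent protocol and RFC 8332, and the sample replies are constructed.

```python
import struct

# Flag bits a client sets in SSH_AGENTC_SIGN_REQUEST to ask for SHA-2 RSA signatures.
SSH_AGENT_RSA_SHA2_256 = 0x02
SSH_AGENT_RSA_SHA2_512 = 0x04


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int):
    """Decode one SSH 'string' at off; return (value, next_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def requested_algorithm(flags: int) -> str:
    """Algorithm name implied by the sign-request flags for an RSA key."""
    # Assumption of this example: if both bits are set, SHA-256 wins.
    if flags & SSH_AGENT_RSA_SHA2_256:
        return "rsa-sha2-256"
    if flags & SSH_AGENT_RSA_SHA2_512:
        return "rsa-sha2-512"
    return "ssh-rsa"  # no SHA-2 flag: RSA with SHA-1


def signature_algorithm(sig_blob: bytes) -> str:
    """Algorithm name the agent put in front of the signature bytes."""
    name, off = read_string(sig_blob, 0)
    _sig, off = read_string(sig_blob, off)
    if off != len(sig_blob):
        raise ValueError("trailing data after signature")
    return name.decode("ascii")


def agent_honoured_request(flags: int, sig_blob: bytes) -> bool:
    """False when the agent answered with a different algorithm than requested."""
    return signature_algorithm(sig_blob) == requested_algorithm(flags)


# Constructed sample replies: 256 placeholder bytes stand in for the RSA signature.
SHA2_REPLY = ssh_string(b"rsa-sha2-256") + ssh_string(b"\x00" * 256)
SHA1_REPLY = ssh_string(b"ssh-rsa") + ssh_string(b"\x00" * 256)
```

This only checks the algorithm label in the blob; the signature itself still has to be verified cryptographically against the public key.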