[Bug 2568] ssh fails to authenticate using RSA keys when agent does not support sha256/512 signatures
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 23 20:10:14 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2568
Jakub Jelen <jjelen at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jjelen at redhat.com
--- Comment #13 from Jakub Jelen <jjelen at redhat.com> ---
This is just a top of the iceberg. There are two issues with ssh-agent
and SHA2 signatures. The agent either
* Does not support SHA2 and fails, which is sane behavior (usability
concerns)
* Does not support SHA2, but provides SHA1 signature (silently) and it
is accepted by both client and server as I reported as a bug #2799
(security concerns)
There is ssh-agent extension negotiation protocol, but the problem is
that it is not understood by most of the agents so implementation would
need to take care of these cases too.
--
You are receiving this mail because:
You are watching the reporter of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list