[Bug 2959] Disabling just rsa-sha2-512 breaks public key authentication

bugzilla-daemon at bugzilla.mindrot.org
Mon Feb 18 13:40:19 AEDT 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=2959

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
AFAIK there's no way in the protocol to handle this. The server can
signal what public key algorithms it supports to the client, but that
list is shared between both publickey and hostbased authentication
methods.

A potential workaround might be to take the union of the enabled
signature algorithms for both and send that, but unfortunately we don't
know which methods are enabled until too late because of the Match
directive in sshd_config - they are evaluated after the
supported-sig-algs message is sent...

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
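
Added example, not part of the original mail and not OpenSSH code: a Python model of the RFC 8308 `server-sig-algs` extension (the signature-algorithm list the comment describes), showing how one list shared by both methods can steer a client to an algorithm that publickey authentication then rejects. The per-method lists, the client's RSA preference order and all function names are constructed assumptions.

```python
import struct

SSH_MSG_EXT_INFO = 7  # message number from RFC 8308
# Assumed client preference for an RSA key; real clients may order differently.
RSA_PREFERENCE = ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def build_ext_info(sig_algs):
    """Server side: EXT_INFO payload carrying one server-sig-algs name-list."""
    value = ",".join(sig_algs).encode("ascii")
    return (bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", 1)
            + ssh_string(b"server-sig-algs") + ssh_string(value))

def parse_ext_info(payload: bytes) -> dict:
    """Client side: return {extension-name: raw value}, rejecting truncation."""
    if len(payload) < 5 or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO payload")
    (count,) = struct.unpack_from(">I", payload, 1)
    pos, fields = 5, []
    for _ in range(2 * count):  # each extension is a name string + value string
        if pos + 4 > len(payload):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated string")
        fields.append(payload[pos:pos + n])
        pos += n
    return {fields[i].decode("ascii"): fields[i + 1]
            for i in range(0, len(fields), 2)}

def attempt_publickey(advertised, pubkey_accepted):
    """Return (algorithm the client signs with, whether publickey accepts it)."""
    exts = parse_ext_info(build_ext_info(advertised))
    seen = exts["server-sig-algs"].decode("ascii").split(",")
    choice = next((a for a in RSA_PREFERENCE if a in seen), None)
    return choice, choice in pubkey_accepted

# Constructed per-method policies: rsa-sha2-512 is disabled for publickey only.
PUBKEY = ["rsa-sha2-256", "ssh-ed25519"]
HOSTBASED = ["rsa-sha2-512", "rsa-sha2-256", "ssh-ed25519"]
SHARED = list(dict.fromkeys(HOSTBASED + PUBKEY))  # one list for both methods

if __name__ == "__main__":
    print("shared list:", attempt_publickey(SHARED, PUBKEY))
    print("publickey-only list:", attempt_publickey(PUBKEY, PUBKEY))
```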

