[Bug 2959] Disabling just rsa-sha2-512 breaks public key authentication

bugzilla-daemon at bugzilla.mindrot.org
Mon Feb 18 13:40:19 AEDT 2019


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
AFAIK there's no way in the protocol to handle this. The server can
signal what public key algorithms it supports to the client, but that
list is shared between both publickey and hostbased authentication.

A potential workaround might be to take the union of the enabled
signature algorithms for both and send that, but unfortunately we don't
know which methods are enabled until too late because of the Match
directive in sshd_config - they are evaluated after the
supported-sig-algs message is sent...

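The limitation described in comment #1, as a toy model added here for illustration (it is not OpenSSH code and not part of the original message). The function names, the client preference order and every algorithm list are constructed assumptions; the model only shows why a single advertised list cannot track a per-method or per-Match allow-list.

```python
# Toy model of the negotiation described in comment #1 (not OpenSSH code).
# Function names, the client preference order and every list are constructed.

CLIENT_PREFS = ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]  # assumed order


def client_pick(advertised, prefs=CLIENT_PREFS):
    """Client: first preferred RSA signature algorithm the server advertised."""
    return next((a for a in prefs if a in advertised), None)


def union(*lists):
    """Workaround from the comment: advertise what either method enables."""
    out = []
    for lst in lists:
        out += [a for a in lst if a not in out]
    return out


def publickey_auth(advertised, accepted_at_auth_time):
    """Return (algorithm the client signs with, whether the server accepts it)."""
    alg = client_pick(advertised)
    return alg, alg in accepted_at_auth_time


def scenarios():
    all_algs = list(CLIENT_PREFS)
    no_512 = ["rsa-sha2-256", "ssh-rsa"]  # rsa-sha2-512 disabled
    return {
        # One shared list still names rsa-sha2-512; publickey has it disabled.
        "shared_list": publickey_auth(all_algs, no_512),
        # The union helps only when hostbased has it disabled as well.
        "union_both_disabled": publickey_auth(union(no_512, no_512), no_512),
        "union_hostbased_enabled": publickey_auth(union(no_512, all_algs), no_512),
        # A Match block removes rsa-sha2-512 for this user after the list was sent.
        "match_after_advert": publickey_auth(union(all_algs, all_algs), no_512),
    }


if __name__ == "__main__":
    for name, (alg, ok) in scenarios().items():
        verdict = "accepted" if ok else "rejected"
        print(f"{name:24} client signs with {str(alg):13} -> {verdict}")
```
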