[Bug 2959] New: Disabling just rsa-sha2-512 breaks public key authentication

Wed Jan 23 21:43:43 AEDT 2019

https://bugzilla.mindrot.org/show_bug.cgi?id=2959

            Bug ID: 2959
           Summary: Disabling just rsa-sha2-512 breaks public key
                    authentication
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ossman at cendio.se

Put this in sshd_config:

> PubkeyAcceptedKeyTypes -rsa-sha2-512

And any client supporting it will fail to authenticate rather than
using rsa-sha2-256 or ssh-rsa.

You also get this somewhat misleading log entry:

> Jan 23 11:38:10 ossman.lkpg.cendio.se sshd[26633]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]

The problem is that the client looks at the supported algorithms
reported during the key exchange. That list is not filtered in any way.
So the server reports it supports rsa-sha2-512. The client trusts the
server and uses rsa-sha2-512. The server then promptly rejects it and
the client doesn't try any other algo.

My use case was just testing, but there might be more realistic
scenarios where it can cause problems.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.