[Bug 2994] SSH certificate signing does not work with SHA256 hashing algorithm

bugzilla-daemon at bugzilla.mindrot.org
Fri May 10 14:38:19 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=2994

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
The key type remains ssh-rsa-cert-v01@openssh.com regardless of
signature.

OpenSSH 8.0 includes the signature type in ssh-keygen -L output and
this allows you to check that it is what you expect. E.g. (note
the "Signing CA" line)

[djm@hako ssh]$ ssh-keygen -Lf /tmp/k_rsa-cert.pub
/tmp/k_rsa-cert.pub:
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Public key: RSA-CERT SHA256:/4T+gq8FyJEPTdXS1VaghSypcBubXiFW5AW4V0/a6VM
        Signing CA: RSA SHA256:sy2Nq/dLCwg2dESiOgCT0NmASiVIUCapmlkANCjTr2s (using rsa-sha2-256)
        Key ID: "id"
        Serial: 0
        Valid: forever
        Principals: (none)
        Critical Options: (none)
        Extensions: 
                permit-X11-forwarding
                permit-agent-forwarding
                permit-port-forwarding
                permit-pty
                permit-user-rc

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
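
The check described in comment #1 can be scripted. The following is an added example, not part of the bug report or of OpenSSH: it reads `ssh-keygen -L` output on stdin and accepts the certificate only if the "Signing CA" line names an allowed signature algorithm. The function names, the `ALLOWED` list and the sample output (including the `(using ssh-rsa)` case) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: policy check on the "Signing CA" line of `ssh-keygen -L` output.
# Real use (OpenSSH 8.0 or later): ssh-keygen -Lf cert.pub | check_cert_sig

# Hypothetical policy list of acceptable CA signature algorithms.
ALLOWED="rsa-sha2-256 rsa-sha2-512 ssh-ed25519"

# Print the algorithm named in "(using ...)" on the Signing CA line.
# Prints nothing when the suffix is absent (ssh-keygen older than 8.0).
cert_sig_alg() {
    sed -n 's/^[[:space:]]*Signing CA: .*(using \([^)]*\))[[:space:]]*$/\1/p' | head -n 1
}

# Exit status: 0 = allowed, 1 = algorithm not in ALLOWED, 2 = not reported.
check_cert_sig() {
    alg=$(cert_sig_alg)
    if [ -z "$alg" ]; then
        echo "unknown: no signature algorithm reported" >&2
        return 2
    fi
    for ok in $ALLOWED; do
        if [ "$alg" = "$ok" ]; then
            return 0
        fi
    done
    echo "rejected: $alg" >&2
    return 1
}

# Constructed sample of `ssh-keygen -L` output; $1 is the algorithm to place in
# the "(using ...)" suffix, or empty to imitate output without the suffix.
sample_cert() {
    printf '%s\n' "/tmp/k_rsa-cert.pub:" \
        "        Type: ssh-rsa-cert-v01@openssh.com user certificate" \
        "        Signing CA: RSA SHA256:sy2Nq/dLCwg2dESiOgCT0NmASiVIUCapmlkANCjTr2s${1:+ (using $1)}" \
        "        Key ID: \"id\""
}

# Demo on the constructed sample: a SHA-256 signed certificate passes.
sample_cert rsa-sha2-256 | check_cert_sig && echo "ok: rsa-sha2-256 accepted"
```

Matching on the `Type:` line would not work for this purpose, since the key type stays `ssh-rsa-cert-v01@openssh.com` whichever hash the CA used.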

