[Bug 2994] SSH certificate signing does not work with SHA256 hashing algorithm
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri May 10 14:38:19 AEST 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=2994
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Status|NEW |RESOLVED
Resolution|--- |WORKSFORME
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
The key type remains ssh-rsa-cert-v01 at openssh.com regardless of
signature.
OpenSSH 8.0 includes the signature type in ssh-keygen -L output and
this allows your to check the that it is what you expect. E.g. (note
the "Signing CA" line)
[djm at hako ssh]$ ssh-keygen -Lf /tmp/k_rsa-cert.pub
/tmp/k_rsa-cert.pub:
Type: ssh-rsa-cert-v01 at openssh.com user certificate
Public key: RSA-CERT
SHA256:/4T+gq8FyJEPTdXS1VaghSypcBubXiFW5AW4V0/a6VM
Signing CA: RSA
SHA256:sy2Nq/dLCwg2dESiOgCT0NmASiVIUCapmlkANCjTr2s (using rsa-sha2-256)
Key ID: "id"
Serial: 0
Valid: forever
Principals: (none)
Critical Options: (none)
Extensions:
permit-X11-forwarding
permit-agent-forwarding
permit-port-forwarding
permit-pty
permit-user-rc
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list