[Bug 3213] openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes
bugzilla-daemon at mindrot.org
Sun Sep 27 01:28:49 AEST 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3213
--- Comment #1 from Gordon Messmer <gordon.messmer at gmail.com> ---
For example, I have an rsa-sha2-256 private key. If I connect to a
server running openssh 7.4, and PubkeyAcceptedKeyTypes=ssh-rsa, then
the key is correctly handled by the openssh 8.3 client. However, if
PubkeyAcceptedKeyTypes=rsa-sha2-256, then the key cannot be used.
The openssh 8.3 client accepts the same key and configuration when used
to connect to openssh >= 7.8 servers.
$ ssh-keygen -l -f ~/.ssh/id_rsa_2015-11-02
4096 SHA256:.... gordon (RSA)
$ ssh -oPubkeyAcceptedKeyTypes=ssh-rsa -i ~/.ssh/id_rsa_2015-11-02 openssh74
Enter passphrase for key '/home/gordon/.ssh/id_rsa_2015-11-02':
gordon@openssh74:~$ logout
Connection to 192.168.122.11 closed.
$ ssh -oPubkeyAcceptedKeyTypes=rsa-sha2-256 -i ~/.ssh/id_rsa_2015-11-02 openssh74
gordon@openssh74's password:
gordon@openssh74:~$ logout
Connection to 192.168.122.11 closed.
$ ssh -oPubkeyAcceptedKeyTypes=rsa-sha2-256 -i ~/.ssh/id_rsa_2015-11-02 openssh78
Enter passphrase for key '/home/gordon/.ssh/id_rsa_2015-11-02':
gordon@openssh78$