[Bug 3213] openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Mar 4 12:49:03 AEDT 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3213
Gordon Messmer <gordon.messmer at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #3448|0 |1
is obsolete| |
--- Comment #8 from Gordon Messmer <gordon.messmer at gmail.com> ---
Created attachment 3476
--> https://bugzilla.mindrot.org/attachment.cgi?id=3476&action=edit
Use RSA keys for OpenSSH 7.4 servers, if local policy permits
I've rebased the previous patch and moved the compat code to its own
function.
Using a custom config matching Fedora's current default to connect to a
Debian 9 (openssh 7.4) VM, I've verified that an RSA key will be used
successfully with the patch, and will not be attempted without it.
Host 192.168.122.246
PubkeyAcceptedAlgorithms
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519,ssh-ed25519-cert-v01 at openssh.com,sk-ssh-ed25519 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01 at openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01 at openssh.com
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list