[Bug 3351] RSA SHA256 certificates no longer work

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Oct 7 13:46:38 AEDT 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3351

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
I'm not able to replicate this, either manually or with modifications
to regress/cert-userkey.sh to explicitly test this case (though I think
it was previously anyway).

Could you please attach debug traces from the client and server to this
bug?

Note that RSA SHA256 certificates are always identified as
ssh-rsa-cert-v01 at openssh.com because key type names are actually
somewhat separate to signature algorithm names even though they look
the same. So a ssh-rsa-cert-v01 at openssh.com certificate can happily
make a rsa-sha2-256 signature. (Yes, this is a confusing area of the
protocol).

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list