[Bug 3213] openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes
bugzilla-daemon at mindrot.org
Fri Sep 24 00:19:52 AEST 2021

https://bugzilla.mindrot.org/show_bug.cgi?id=3213
Joey Berkovitz <joeyberkovitz at gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |joeyberkovitz at gmail.com
--- Comment #12 from Joey Berkovitz <joeyberkovitz at gmail.com> ---
It seems that this fix doesn't entirely resolve the issue. I tested on
Fedora 34 with OpenSSH 8.7p1 and I get an error when using an OpenSSH
certificate to connect to a CentOS 7 server running OpenSSH 7.4p1. The
error message is as follows: `send_pubkey_test: no mutual signature
algorithm`

Adding `PubkeyAcceptedKeyTypes +ssh-rsa` allows the connection to go
through, but I don't think that it should be necessary.

For reference, the cert is of type `ssh-rsa-cert-v01@openssh.com`. The
public key on the cert is `RSA-CERT SHA256` and the Signing CA uses
`ssh-ed25519`.

Please let me know if this can be fixed with a similar compat code
change.