[Bug 3748] "webauthn-sk-ecdsa-sha2-nistp256 at openssh.com" signature type not supported from ssh agent
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Nov 25 14:05:12 AEDT 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3748
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #3894|0 |1
is obsolete| |
--- Comment #15 from Damien Miller <djm at mindrot.org> ---
Created attachment 3922
--> https://bugzilla.mindrot.org/attachment.cgi?id=3922&action=edit
accept webauthn signatures by default
I don't think the changes to sshkey_check_sigtype() are correct.
Implicitly accepting webauthn signatures there would make it impossible
for an administrator to disable webauthn signatures.
IMO it's better to explicitly enable it by default. This means adding a
corresponding signature type for certificate keys that can be used when
advertising support for them (e.g. in the host key algorithms KEXINIT
field)
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list