Host certificates signed with ed25519 fails with old clients

Jakub Jelen jjelen at
Tue May 16 21:20:29 AEST 2017

Hello all,
recently Fedora infrastructure deployed OpenSSH RSA certificates signed 
with ed25519 CA on server with GIT repositories and we encounter 
problems when connecting from old clients (openssh-5.3p1 + certificates) 
as described in the following bug [1].

There is a known workaround (using only the raw key) and after reading 
some more code around the key exchange and certificates specification, I 
don't see a simple way how to prevent it
  * the client does not know what CA key will be used
  * the server can not select raw RSA (different than would be selected 
by client)

The question is, can/should be the ED25519 keys be used for CA? The 
specification (The line 196 [2]) does not list them or is outdated.  If 
it is a bug, can this be fixed? If it is intended, how to prevent using 
ED25519 keys as CA?

Also reading through the gssgex code I noticed duplicate conditions on 
lines 168 and 172 [3]. Can this be fixed too?

Any more ideas to the current problem?

Attached patches to the minor issues, but not resolving the original 


Jakub Jelen
Software Engineer
Security Technologies
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-certkeys.patch
Type: text/x-patch
Size: 1277 bytes
Desc: not available
URL: <>

More information about the openssh-unix-dev mailing list