Is it possible to disable (SHA2 signature) extension?

Jakub Jelen jjelen at
Tue Oct 3 02:26:58 AEDT 2017

Hello all,
the extension negotiation draft (not only) for SHA2 signature
algorithms is certainly a good thing, but the result of this
negotiation affects also the behavior of the ssh-agent protocol, where
is no negotitation of the extension and when it is negotiated between
server and client, it is used unconditionally.

To get to the core, the problem is with third-party tools talking ssh-
agent protocol, which do not implement this extension and ignores
additional flags (which is certainly a bug in the agent, but the ssh-
agent draft does not say what to do with unknown flags -- shouldn't the
draft handle this case explicitly?). We already  discussed similar
issue with host keys, but a transparent fallback to non-sha2 algorithms
does not look like a good idea from security point of view.

The only sensible solution around this seems implementing some
configuration that would (dis)allow a selection of negotiated
extensions (in client or/and server) or just a switch to enable/disable
it altogether for a compatibility with older systems.

What do you think? Would it be useful?

Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.

More information about the openssh-unix-dev mailing list