conflict in host signature checking

Damien Miller djm at
Tue Jun 16 09:52:06 AEST 2020

On Mon, 15 Jun 2020, Harald Dunkel wrote:

> Hi folks,
> AFAICS the recent ssh versions don't support the ssh-rsa signature
> algorithm for host keys anymore:
> 	check_host_cert: certificate signature algorithm ssh-rsa:
> 	signature algorithm not supported
> So I refreshed the host key signatures using	
> 	ssh-keygen -s ~/.ssh/ca_rsa -t rsa-sha2-256 \
> 	  -I -h /tmp/
> This went well for almost all hosts in my environment, except for an
> ancient Solaris 10 host used to checkout and build some very old code
> (just in case). The problem on this host is
> 	% ssh -V
> 	OpenSSH_6.2p1, OpenSSL 1.0.1r  28 Jan 2016
> 	% ssh -F /dev/null git
> 	ssh_rsa_verify: cannot handle type rsa-sha2-256
> 	cert_parse: Certificate signature verification failed
> 	key_from_blob: can't parse cert data
> 	cannot decode server_host_key_blob
> 	% echo $?
> 	255
> If I put the old signed key back into place on git, then Solaris is
> happy, but all other hosts complain as shown above.
> Using */bin/ssh -F /dev/null* (i.e. the ancient ssh provided with Solaris10)
> there is no problem with an unsupported signature algorithm, so I wonder
> if I missed some command line flag to skip the signature verification in
> openssh 6.2, as /bin/ssh does? Of course I checked the man page. Please
> excuse if I am too blind to see.

OpenSSH 6.2 doesn't support the RSA/SHA2 signature algorithms, so it will
not be able to process a host key whose CA signature is made with that

If you can't upgrade the host running OpenSSH 6.2, then I'd recommend
switching to an ECDSA CA key. That should be supported back to before


More information about the openssh-unix-dev mailing list