Better reporting for signature algorithm mismatch?
Brian Candler
b.candler at pobox.com
Thu Dec 5 05:47:08 AEDT 2024
An issue that I come across from time to time is when I try to ssh into
a box with an RSA key, and it fails because the target host is old and
only does sha1 signatures. However, the reason is not reported unless I
turn on debugging. For example, all I see is:
% ssh foo@bar
foo@bar: Permission denied (publickey,keyboard-interactive).
I find this confusing, since my first inclination is that the public key
has not been installed properly on the target host.
But if I remember to try again with debugging, then I see:
% ssh -v foo@bar
...
debug1: Will attempt key: /Users/brian/.ssh/id_rsa RSA SHA256:mVV81jWVCP/SDRFA7vRM/SDQniylCAcBoSERWyhAXEo agent
...
debug1: Offering public key: /Users/brian/.ssh/id_rsa RSA SHA256:mVV81jWVCP/SDRFA7vRM/SDQniylCAcBoSERWyhAXEo agent
debug1: send_pubkey_test: no mutual signature algorithm <<<< *THIS*
...
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
foo@bar: Permission denied (publickey,keyboard-interactive).
% ssh -o PubkeyAcceptedAlgorithms=+ssh-rsa foo@bar
<< success >>
I wonder if there could be some way to highlight the "no mutual
signature algorithm" message more prominently in normal operation? IMO
it's not a problem with a specific key, but a protocol configuration
issue which would affect *all* keys of that type. Admittedly it is
non-fatal, in the sense that other non-RSA keys or other auth methods
can be tried, including falling back to password auth. Even then, I find
it confusing to get a password prompt when I thought I'd set up key
authentication.
Other, fatal protocol compatibility problems *do* get reported, e.g.
Unable to negotiate with bar port 22: no matching key exchange method found.
Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
That's clear and explicit. However, because I'm so used to seeing this
type of error when protocols don't match, it makes it more surprising
that I don't see them for the ssh-rsa signature problem. I'd like to
see a warning for the first key tried, something like:
Warning: unable to authenticate with rsa key: no mutual signature algorithm
Their offer: ssh-rsa
Our offer: rsa-sha2-256, rsa-sha2-512
Anyway, just an idea.
Regards,
Brian.
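
Added example, not part of the original post and not OpenSSH code: a shell filter that reads `ssh -v` output and surfaces the "no mutual signature algorithm" debug line as a warning naming the offered key, in the spirit of the message proposed above. The function names `sigalg_report` and `sample_log` and the warning and hint wording are assumptions made for this example.

```shell
# Added example, not OpenSSH code: report signature-algorithm mismatches
# found in `ssh -v` debug output read on stdin. Exit status 0 = mismatch seen.
sigalg_report() {
    awk '
    BEGIN { path = "?"; type = "?"; fp = "?" }
    # Remember the key most recently offered to the server.
    /^debug1: Offering public key: / {
        path = ""
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^(SHA256|MD5):/) {          # fingerprint field
                fp = $i; type = $(i - 1)
                for (j = 5; j < i - 1; j++)       # path may contain spaces
                    path = path (path == "" ? "" : " ") $j
                break
            }
        }
        next
    }
    # The message from the post: no signature algorithm for this key type
    # is accepted by both client and server.
    /no mutual signature algorithm/ {
        key = type " " fp
        if (!(key in seen)) {                     # warn once per key
            seen[key] = 1; n++
            printf "Warning: unable to authenticate with %s key %s (%s): no mutual signature algorithm\n", type, path, fp
        }
    }
    END {
        if (n > 0)
            print "Hint: the key may be installed correctly; if the server cannot be upgraded, use -o PubkeyAcceptedAlgorithms=+ssh-rsa for this host only"
        exit (n > 0 ? 0 : 1)
    }'
}

# Debug lines from the post, re-joined onto single lines.
sample_log() {
    cat <<'EOF'
debug1: Offering public key: /Users/brian/.ssh/id_rsa RSA SHA256:mVV81jWVCP/SDRFA7vRM/SDQniylCAcBoSERWyhAXEo agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Authentications that can continue: publickey,keyboard-interactive
EOF
}

# Live use (assumed invocation): ssh -v user@host true 2>&1 | sigalg_report
```

Because `+ssh-rsa` re-enables SHA-1 signatures, the exception is better placed in a `Host` block for the old machine in `~/.ssh/config` than set globally.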