[PATCH 0/2] Specify signature algorithm during server hostkeys prove
maximejeanrey at gmail.com
Wed Nov 13 04:50:17 AEDT 2024
From: Maxime Rey <maximejeanrey at gmail.com>
Hello,

I've discovered an issue with sshd when it's configured to use the SSH agent
alongside multiple host keys. Specifically, this problem happens during the
hostkeys-prove-00@openssh.com request, when the server attempts to
demonstrate ownership of the host keys by calling the agent.

The issue occurs because, while processing the hostkeys-prove-00@openssh.com
request, sshd does not specify the signature algorithm in its call to
the agent. As a result, when sshd attempts to verify the response, it
encounters an error due to the missing algorithm specification.

To address this, I have made two contributions:

1 - A modified hostkey-agent.sh regression test that reproduces the issue
    under these conditions.
2 - A patch in serverloop.c to correct the error
    by ensuring the algorithm is explicitly specified during the
    hostkeys-prove-00@openssh.com response.

Thank you for your time and feedback.

Best regards,
Maxime

Maxime Rey (2):
  Add test to cover multiple server hostkeys with agent
  Specify signature algorithm during server hostkeys prove

 regress/hostkey-agent.sh | 31 +++++++++++++++++++++++++++++++
 serverloop.c             |  3 +++
 2 files changed, 34 insertions(+)
--
2.47.0