[PATCH 2/2] Specify signature algorithm during server hostkeys prove
maximejeanrey at gmail.com
maximejeanrey at gmail.com
Wed Nov 13 04:50:19 AEDT 2024
From: Maxime Rey <maximejeanrey at gmail.com>
Set sigalg to the correct key algorithm for every key type. This
allow sshd to verify the signing algorithm used by ssh-agent
during the hostkey-prove.
---
serverloop.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/serverloop.c b/serverloop.c
index 757cc6f02..4ef7998cb 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -699,6 +699,9 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)
sigalg = "rsa-sha2-256";
}
+ else
+ sigalg = sshkey_ssh_name(key);
+
debug3_f("sign %s key (index %d) using sigalg %s",
sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg);
if ((r = sshbuf_put_cstring(sigbuf,
--
2.47.0
More information about the openssh-unix-dev
mailing list