[Bug 2568] ssh fails to authenticate using RSA keys when agent does not support sha256/512 signatures

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 23 20:10:14 AEDT 2017


Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
                 CC|                            |jjelen at redhat.com

--- Comment #13 from Jakub Jelen <jjelen at redhat.com> ---
This is just the tip of the iceberg. There are two issues with ssh-agent
and SHA2 signatures. The agent either

 * Does not support SHA2 and fails, which is sane behavior (usability
 * Does not support SHA2, but provides a SHA1 signature (silently), and it
is accepted by both client and server, as I reported in bug #2799
(security concerns)

There is an ssh-agent extension negotiation protocol, but the problem is
that it is not understood by most of the agents, so an implementation would
need to take care of these cases too.
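
The silent SHA1 fallback described in the comment above can be caught on the client side by comparing the algorithm name inside the agent's signature blob with what the sign-request flags asked for. The following is an added example, not part of the original comment and not OpenSSH's own code. It assumes the `string name, string signature` blob layout and the `SSH_AGENT_RSA_SHA2_256`/`SSH_AGENT_RSA_SHA2_512` flag values from the agent protocol; the function names and sample blobs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sign-request flag bits defined by the ssh-agent protocol. */
#define SSH_AGENT_RSA_SHA2_256 0x02
#define SSH_AGENT_RSA_SHA2_512 0x04

/* Constructed sample blobs: string alg-name, string signature (4 dummy bytes). */
static const uint8_t sample_sha1_blob[] = {
    0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a',
    0, 0, 0, 4, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_sha256_blob[] = {
    0, 0, 0, 12, 'r', 's', 'a', '-', 's', 'h', 'a', '2', '-', '2', '5', '6',
    0, 0, 0, 4, 0xde, 0xad, 0xbe, 0xef };

static uint32_t read_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Algorithm name the signature must carry for the given request flags. */
static const char *expected_sig_alg(uint32_t flags)
{
    if (flags & SSH_AGENT_RSA_SHA2_512) return "rsa-sha2-512";
    if (flags & SSH_AGENT_RSA_SHA2_256) return "rsa-sha2-256";
    return "ssh-rsa"; /* no flag set: the SHA1 scheme was requested */
}

/* 0 = algorithm matches the request, -1 = malformed blob,
 * -2 = agent answered with a different algorithm (e.g. silent SHA1). */
int check_agent_sig_alg(const uint8_t *blob, size_t len, uint32_t flags)
{
    const char *want = expected_sig_alg(flags);
    uint32_t alg_len;

    if (len < 8) return -1;
    alg_len = read_u32(blob);
    if (alg_len > len - 8) return -1;     /* name and sig length must fit */
    if (read_u32(blob + 4 + alg_len) != len - 8 - alg_len) return -1;
    if (alg_len != strlen(want) || memcmp(blob + 4, want, alg_len) != 0)
        return -2;
    return 0;
}

int main(void)
{
    printf("SHA2-256 requested, ssh-rsa returned: %d\n", check_agent_sig_alg(
        sample_sha1_blob, sizeof(sample_sha1_blob), SSH_AGENT_RSA_SHA2_256));
    return 0;
}
```

This only checks the algorithm label in the blob; the signature itself still has to be verified against the public key with the matching hash.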
