[Bug 2568] ssh fails to authenticate using RSA keys when agent does not support sha256/512 signatures

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 23 20:25:06 AEDT 2017


--- Comment #14 from Sebastian Unger <sebunger44 at gmail.com> ---
(In reply to Jakub Jelen from comment #13)
>  * Does not support SHA2, but provides SHA1 signature (silently) and
> it is accepted by both client and server as I reported as a bug
> #2799 (security concerns)
Well, I'm not asking it to "silently" accept SHA1 signatures. I would
find an option with a secure default acceptable. Also, I don't see how
falling back from SHA2 to SHA1 reduces security when the server did
accept SHA1's in the first place if the client negotiated them.

This issue is about the case where client and server negotiate SHA2 but
then the agent fails to sign because it does not support SHA2.

You are receiving this mail because:
You are watching the reporter of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list