[Bug 2867] New: No HostKeyAlgorithm is offered by sshd if "rsa-sha2-512" algorithm is forced.

Thu May 17 01:47:33 AEST 2018

https://bugzilla.mindrot.org/show_bug.cgi?id=2867

            Bug ID: 2867
           Summary: No HostKeyAlgorithm is offered by sshd if
                    "rsa-sha2-512" algorithm is forced.
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: xavier.garriga at gmail.com

If 'rsa-sha2-512' Host Key Algorithm is the only algorithm in
sshd_coonfig or sshd is forced to start using only 'rsa-sha2-512' as
Host Key Algorithm no algorithm is offered to client during
negotiation.

Start server with:
sshd -oHostKeyAlgorithms="rsa-sha2-512"

When client tries to connect no HostKeyAlgorithm is offered.

debug2: peer server KEXINIT proposal
debug2: KEX algorithms:
curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: 
debug2: ciphers ctos: aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: aes256-ctr,aes192-ctr,aes128-ctr

and connection is not established.

Same problem with "rsa-sha2-256".

-- 
You are receiving this mail because:
You are watching the assignee of the bug.