[Bug 3029] New: keyscan does not list rsa keys if the ssh-rsa is not allowed on server

bugzilla-daemon at bugzilla.mindrot.org
Tue Jul 2 20:47:26 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3029

            Bug ID: 3029
           Summary: keyscan does not list rsa keys if the ssh-rsa is not
                    allowed on server
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keyscan
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 3294
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3294&action=edit
proposed patch

The keyscan is forcing the ssh-rsa signature algorithm when scanning for
RSA keys, and if ssh-rsa (SHA1 variant) is not allowed on the server, no
RSA keys are returned.

The attached patch extends the signature algorithms to offer also the
SHA2 variants (and certificate SHA2 variants) so the keyscan can work
as expected.

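The failure described in the report, as an added example that is not part of the original message or the attached patch: a simplified model of SSH host key algorithm selection, showing why an offer of only ssh-rsa yields nothing from a server that has disabled it. The function name, the sample server list and the contents of the extended offer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* 1 if name[0..len) is a whole entry of the comma-separated list. */
static int in_list(const char *name, size_t len, const char *list) {
    while (*list) {
        size_t n = strcspn(list, ",");
        if (n == len && memcmp(list, name, len) == 0)
            return 1;
        list += n + (list[n] == ',');
    }
    return 0;
}

/* Simplified RFC 4253 sec. 7.1 choice: the first name on the client's list
 * that the server also lists. Returns 0 when nothing is shared, in which
 * case the key exchange fails and the scanner gets no host key. */
int negotiate_hostkey_alg(const char *client, const char *server,
                          char *out, size_t outlen) {
    while (*client) {
        size_t n = strcspn(client, ",");
        if (n > 0 && n < outlen && in_list(client, n, server)) {
            memcpy(out, client, n);
            out[n] = '\0';
            return 1;
        }
        client += n + (client[n] == ',');
    }
    return 0;
}

/* Constructed sample: server with the SHA-1 "ssh-rsa" signature disabled. */
const char *SERVER_NO_SHA1 = "rsa-sha2-512,rsa-sha2-256,ssh-ed25519";
/* Offer described in the report when scanning for RSA keys. */
const char *OFFER_BEFORE = "ssh-rsa";
/* Assumed extended offer; the patch's exact list and order are not on the page. */
const char *OFFER_AFTER = "rsa-sha2-512,rsa-sha2-256,ssh-rsa";

int main(void) {
    char alg[64];
    int ok = negotiate_hostkey_alg(OFFER_BEFORE, SERVER_NO_SHA1, alg, sizeof alg);
    printf("before: %s\n", ok ? alg : "(no common algorithm)");
    ok = negotiate_hostkey_alg(OFFER_AFTER, SERVER_NO_SHA1, alg, sizeof alg);
    printf("after:  %s\n", ok ? alg : "(no common algorithm)");
    return 0;
}
```

The rsa-sha2-* names change only the hash used in the signature (RFC 8332); the public key format stays ssh-rsa, so the key obtained is the same RSA host key either way.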