[Bug 3219] Can't connect to a server that is using several host keys of the same type

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Oct 4 03:18:26 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3219

--- Comment #2 from jatjasjem at gmail.com ---
I am not sure what would be the use of multiple host keys of the same
type if only one is offered at the same time. If the protocol doesn't
allow retrying using a different host key, perhaps the server could
refuse to start if given several host keys of the same type?

In either case, while it is possible to connect using different ECDSA
keys, the algorithms must be specified explicitly. This seems to be due
to the fact that, given an ECDSA key, `order_hostkeyalgs` in
`sshconnect2.c` will return all ECDSA host key algorithms, including the
ones incompatible with the key. This, in turn, seems to be due to the
fact that OpenSSH considers the three ECDSA keys as being of the same
type.

Since you can't verify e.g. an ECDSA nistp521 signature using
"ecdsa-sha2-nistp384", perhaps OpenSSH could view the ECDSA keys as
different ones?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

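The ordering problem the comment above describes, as an added example that is not part of the bug report or of OpenSSH itself: a simplified model of the client's host key algorithm ordering, run once with all ECDSA curves grouped as one key type and once with each curve treated as its own type. The default algorithm list, the known_hosts lines and the function names (`order_hostkeyalgs`, `simulate`, `coarse_key_type`, `curve_key_type`) are constructed for this example; the server side follows the SSH negotiation rule that the first algorithm in the client's list the server has a key for is chosen.

```python
"""Simplified model of client host key algorithm ordering.

Added example, not code from the bug report or from OpenSSH. The default
algorithm list, the known_hosts content and the function names are
assumptions made for the illustration.
"""

# Assumed client preference list (a subset of real algorithm names).
DEFAULT_HOSTKEY_ALGS = [
    "ssh-ed25519",
    "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521",
    "rsa-sha2-512",
    "rsa-sha2-256",
    "ssh-rsa",
]

# Constructed known_hosts content: host "example" is known by a nistp521 key.
KNOWN_HOSTS = """\
example ecdsa-sha2-nistp521 AAAA...constructed-key-blob...
other ssh-ed25519 AAAA...constructed-key-blob...
"""


def known_key_algs(known_hosts, host):
    """Return the key algorithm names recorded for host in known_hosts."""
    algs = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) >= 3 and host in fields[0].split(","):
            algs.append(fields[1])
    return algs


def coarse_key_type(alg):
    """Grouping the comment describes: every ECDSA curve is one 'ecdsa'
    type, and every RSA signature flavour is one 'rsa' type."""
    if alg.startswith("ecdsa-sha2-"):
        return "ecdsa"
    if alg in ("rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"):
        return "rsa"
    return alg


def curve_key_type(alg):
    """Grouping the comment proposes: each ECDSA curve is its own type.
    RSA flavours still share one key, so they stay grouped."""
    if alg in ("rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"):
        return "rsa"
    return alg


def order_hostkeyalgs(known, default_algs, key_type):
    """Move algorithms whose key_type matches a known key to the front,
    keeping the default order inside each group."""
    known_types = {key_type(a) for a in known}
    first = [a for a in default_algs if key_type(a) in known_types]
    rest = [a for a in default_algs if key_type(a) not in known_types]
    return first + rest


def server_choice(client_algs, server_key_algs):
    """Negotiated algorithm: the first entry in the client's list that the
    server holds a host key for."""
    for alg in client_algs:
        if alg in server_key_algs:
            return alg
    return None


def simulate(key_type, host="example",
             server_keys=("ecdsa-sha2-nistp256", "ecdsa-sha2-nistp521",
                          "ssh-ed25519")):
    """Return (negotiated algorithm, True if the client already knows a key
    of that algorithm for the host)."""
    known = known_key_algs(KNOWN_HOSTS, host)
    offered = order_hostkeyalgs(known, DEFAULT_HOSTKEY_ALGS, key_type)
    chosen = server_choice(offered, server_keys)
    return chosen, chosen in known


if __name__ == "__main__":
    # Coarse grouping: nistp256 is offered ahead of the known nistp521 key,
    # so the server answers with a key the client has never seen.
    print("ecdsa as one type:", simulate(coarse_key_type))
    # Per-curve grouping: the known nistp521 algorithm is offered first.
    print("ecdsa per curve:  ", simulate(curve_key_type))
```

With the coarse grouping the client's offer starts `ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ...`, so a server holding both a nistp256 and a nistp521 key answers with nistp256 and the client is shown a key that is not in its known_hosts, which is why the comment notes that the algorithm currently has to be pinned by hand (for instance with `HostKeyAlgorithms`). With the per-curve grouping the known nistp521 algorithm is offered first and the negotiation lands on the key the client already trusts.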

More information about the openssh-bugs mailing list