[Bug 3213] openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Sep 27 01:28:49 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3213

--- Comment #1 from Gordon Messmer <gordon.messmer at gmail.com> ---
For example, I have an rsa-sha2-256 private key.  If I connect to a
server running openssh 7.4, and PubkeyAcceptedKeyTypes=ssh-rsa, then
the key is correctly handled by the openssh 8.3 client.  However, if
PubkeyAcceptedKeyTypes=rsa-sha2-256, then the key cannot be used.  

The openssh 8.3 client accepts the same key and configuration when used
to connect to openssh >= 7.8 servers.


$ ssh-keygen -l -f ~/.ssh/id_rsa_2015-11-02
4096 SHA256:.... gordon (RSA)

$ ssh -oPubkeyAcceptedKeyTypes=ssh-rsa -i ~/.ssh/id_rsa_2015-11-02 openssh74
Enter passphrase for key '/home/gordon/.ssh/id_rsa_2015-11-02': 
gordon at openssh74:~$ logout
Connection to 192.168.122.11 closed.

$ ssh -oPubkeyAcceptedKeyTypes=rsa-sha2-256 -i ~/.ssh/id_rsa_2015-11-02 openssh74
gordon at openssh74's password: 
gordon at openssh74:~$ logout
Connection to 192.168.122.11 closed.

$ ssh -oPubkeyAcceptedKeyTypes=rsa-sha2-256 -i ~/.ssh/id_rsa_2015-11-02 openssh78
Enter passphrase for key '/home/gordon/.ssh/id_rsa_2015-11-02': 
gordon at openssh78$
