[Bug 3213] openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Mar 4 12:49:03 AEDT 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3213

Gordon Messmer <gordon.messmer at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3448|0                           |1
        is obsolete|                            |

--- Comment #8 from Gordon Messmer <gordon.messmer at gmail.com> ---
Created attachment 3476
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3476&action=edit
Use RSA keys for OpenSSH 7.4 servers, if local policy permits

I've rebased the previous patch and moved the compat code to its own
function.

Using a custom config matching Fedora's current default to connect to a
Debian 9 (openssh 7.4) VM, I've verified that an RSA key will be used
successfully with the patch, and will not be attempted without it.

Host 192.168.122.246
        PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
