Fwd: Server accepts key: pkalg rsa-sha2-512 vs ssh-rsa
Jakub Jelen
jjelen at redhat.com
Sat Feb 18 03:18:55 AEDT 2017
On 02/12/2017 03:46 PM, Nuno Gonçalves wrote:
> On 1/30/2017 3:58 AM, Jakub Jelen wrote:
>> This is part of deprecation SHA1 for signatures, which were hardcoded into the core RFCs. The different hashes were introduced in OpenSSH 7.2 [1] and are negotiated using the protocol extension. I
>> don't think there are configuration options to control this behavior, but the new algorithms have higher priority for new OpenSSH versions.
>>
>> [1] http://www.openssh.com/txt/release-7.2
>>
>> Regards,
>
> In that case this is converted to a bug report: Deprecation of SHA1 is
> not being enforced since 7.4p1.
Hello.
Thank you for wide investigation. I filled a bug #2680 [1] to get it
more attention. This is something we would really like to see fixed and
the patch passed probably unseen by the developers.
Damien, Darren, can we get it fixed?
Thanks,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2680
More information about the openssh-unix-dev
mailing list