no mutual signature algorithm with RSA user certs client 7.8, server 7.4
Damien Miller
djm at mindrot.org
Thu Oct 11 12:04:01 AEDT 2018
On Thu, 11 Oct 2018, Adam Eijdenberg wrote:
> Thanks for looking into. I wasn't able to get the patch to apply
> cleanly to the portable source for whatever reason, so I manually made
> the changes and got a little further. I now get past the "no mutual
> signature algorithm" client message, and get an error on the server
> side (OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017):
>
> userauth_pubkey: unsupported public key algorithm:
> rsa-sha2-512-cert-v01 at openssh.com [preauth]
Could you sent me a debug trace from the client for this? We shouldn't
send this algorithm name unless the server supports it.
> Along the way I noticed that there seems to be duplicated entries in
> the keytypes[] array - is this intentional? ie the following 2
> contiguous sections appear to be identical. I ended up changing both
> on my client to remove the "ssh-" prefix:
>
> https://github.com/openssh/openssh-portable/blob/V_7_8_P1/sshkey.c#L116-L123
> https://github.com/openssh/openssh-portable/blob/V_7_8_P1/sshkey.c#L124-L131
Thanks, I've committed a fix for this.
-d
More information about the openssh-unix-dev
mailing list