no mutual signature algorithm with RSA user certs client 7.8, server 7.4
Adam Eijdenberg
adam at continusec.com
Thu Oct 11 12:18:28 AEDT 2018
On Thu, Oct 11, 2018 at 12:13 PM Damien Miller <djm at mindrot.org> wrote:
> Could you try this?
>
> diff --git a/sshconnect2.c b/sshconnect2.c
> index f104408..1d2906f 100644
> --- a/sshconnect2.c
> +++ b/sshconnect2.c
> @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
> * newer (SHA2) algorithms.
> */
> if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
> - (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) {
> + (key->type != KEY_RSA && key->type != KEY_RSA_CERT) ||
> + (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) {
> /* Filter base key signature alg against our configuration */
> return match_list(sshkey_ssh_name(key),
> options.pubkey_key_types, NULL);
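Review bot: The comment above the condition is not updated for the new third clause, `(key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))`, so a reader cannot tell why RSA certificates take the base-algorithm path for peers flagged with SSH_BUG_SIGTYPE while plain KEY_RSA keys still go on to the SHA2 selection. Please extend the comment to state that this exception is intentional and limited to certificates. Also note that in this path the result comes from `match_list(sshkey_ssh_name(key), options.pubkey_key_types, NULL)`, so a configuration that excludes the base RSA certificate algorithm yields no usable algorithm for such peers; it is worth confirming the caller reports that clearly.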
That fixes it for me, thank you. Would you still like a copy of the
previous failing client trace?