OpenSSH 8.2 appears to be one key to send the public key and a different key to send the signature?

Terra Frost terrafrost at gmail.com
Mon Feb 20 04:25:09 AEDT 2023


I'm trying to connect to an SSH server using OpenSSH_8.2p1
Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020 and am seeing some weird
stuff in the logs. In particular, there's this:

debug3: sign_and_send_pubkey: RSA
SHA256:Xss+fkLagMzhqQfEakymnMzhqQN2FnzmZHrGJJFRzXA
debug3: sign_and_send_pubkey: signing using rsa-sha2-512
SHA256:Xss+fkLagMzhqQfGgpPlmWuHq8N2FnzmZHrGJJFRzXA

What's weird about that is that the key fingerprints are subtly different:

SHA256:Xss+fkLagMzhqQf    EakymnMzhqQ    N2FnzmZHrGJJFRzXA
SHA256:Xss+fkLagMzhqQf    GgpPlmWuHq8    N2FnzmZHrGJJFRzXA

(I added the spaces to make them more readable)

My question is... how can this be so?

Here's the code that does that:

https://github.com/openssh/openssh-portable/blob/V_8_2_P1/sshconnect2.c#L1247

But in my cursory reading of the code it looks like those two lines should
be the same - not different.

It's also strange that, despite being different, they're as similar as
they are. With any cryptographic hash I'd expect that changing one
character would change the whole hash *completely*, but in this case
less than half of the hash is being changed? That doesn't make any sense to
me.

Any ideas?
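As an added illustration (not part of the original message and not OpenSSH's own code), the following Python reproduces how the `SHA256:...` fingerprint in those log lines is derived: it is the base64 encoding, with padding stripped, of SHA-256 over the RFC 4253 `ssh-rsa` public key blob (the `string "ssh-rsa"`, `mpint e`, `mpint n` encoding). It also flips a single bit of the modulus and counts how many fingerprint characters move, which is the "whole hash changes completely" behaviour the post expects from a cryptographic hash, and it offers a `fingerprint_of_line` helper so a defender can recompute the fingerprint of a key file they hold and compare it with what a log reports. The key material (`DEMO_E`, `DEMO_N`) and all function names are constructed for this example; the modulus is tiny and not a real key.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode an RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(n: int) -> bytes:
    """Encode a non-negative integer as an RFC 4251 'mpint'.

    A leading 0x00 byte is added when the top bit is set so the value stays positive.
    """
    if n == 0:
        return ssh_string(b"")
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def rsa_public_blob(e: int, n: int) -> bytes:
    """Build the ssh-rsa public key blob (RFC 4253 section 6.6): "ssh-rsa", e, n."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def parse_public_blob(blob: bytes):
    """Walk the length-prefixed fields of a key blob; returns (key_type, [remaining fields])."""
    fields = []
    off = 0
    while off < len(blob):
        (length,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        fields.append(blob[off:off + length])
        off += length
    return fields[0].decode("ascii"), fields[1:]


def sha256_fingerprint(blob: bytes) -> str:
    """The SHA256 fingerprint as ssh-keygen -l prints it: base64 of the digest, '=' padding removed."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_of_line(line: str) -> str:
    """Fingerprint an authorized_keys / id_*.pub style line: '<type> <base64 blob> [comment]'."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    parsed_type, _ = parse_public_blob(blob)
    if parsed_type != key_type:
        raise ValueError(f"type prefix {key_type!r} does not match blob type {parsed_type!r}")
    return sha256_fingerprint(blob)


def diff_positions(fp_a: str, fp_b: str):
    """Indexes at which two fingerprint strings differ (the spaced-out comparison in the post, done by code)."""
    return [i for i, (a, b) in enumerate(zip(fp_a, fp_b)) if a != b]


# Constructed demo key: a tiny, insecure modulus so the example runs offline. Not a real key.
DEMO_E = 65537
DEMO_N = 0xC5D7A1B2E3F4059687A9BACBDCEDFE0F


def demo():
    """Fingerprint the demo key, then flip one bit of the modulus and measure how much the fingerprint moves."""
    blob = rsa_public_blob(DEMO_E, DEMO_N)
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " demo@example"
    fp = fingerprint_of_line(line)
    flipped_blob = rsa_public_blob(DEMO_E, DEMO_N ^ 1)  # one input bit changed
    fp_flipped = sha256_fingerprint(flipped_blob)
    return {
        "fingerprint": fp,
        "flipped": fp_flipped,
        "changed": len(diff_positions(fp, fp_flipped)),  # out of 43 base64 characters
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With a real key, feed the contents of the `.pub` file to `fingerprint_of_line` and compare the result with `ssh-keygen -lf <file>`; the two should agree character for character. The single-bit flip in `demo()` typically changes all but a handful of the 43 base64 characters, so two fingerprints that share long identical runs at both ends are not what one hash applied to two slightly different inputs looks like.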

