Enforcing sha2 algorithm in ssh-keygen.c

Jim Knoble jmknoble at pobox.com
Sat Mar 4 04:39:49 AEDT 2023


@Dmitry, you may get more traction by reporting this issue (with patch) at https://www.openssh.com/report.html .

It can also help other folks who may be encountering the same issue.

-- 
jmk

> On Mar 3, 2023, at 02:10, Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
> 
> Dear colleagues,
> 
> Could you please take a look?
> 
>> On Fri, Jan 20, 2023 at 12:55 PM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
>> 
>> Dear colleagues,
>> 
>> ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+).
>> 
>> The proposed patch enforces using a sha2 algorithm for key verification.
>> 
>> --
>> Dmitry Belyavskiy
> 
> 
> 
> -- 
> Dmitry Belyavskiy
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


More information about the openssh-unix-dev mailing list