Enforcing sha2 algorithm in ssh-keygen.c
Dmitry Belyavskiy
dbelyavs at redhat.com
Sat Mar 4 04:53:02 AEDT 2023
Dear Jim,
I created a bug:
https://bugzilla.mindrot.org/show_bug.cgi?id=3546
On Fri, Mar 3, 2023 at 6:42 PM Jim Knoble <jmknoble at pobox.com> wrote:
>
> @Dmitry, you may get more traction by reporting this issue (with patch) at https://www.openssh.com/report.html .
>
> It can also help other folks who may be encountering the same issue.
>
> --
> jmk
>
> > On Mar 3, 2023, at 02:10, Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
> >
> > Dear colleagues,
> >
> > Could you please take a look?
> >
> >> On Fri, Jan 20, 2023 at 12:55 PM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
> >>
> >> Dear colleagues,
> >>
> >> ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+).
> >>
> >> The proposed patch enforces using a sha2 algorithm for key verification.
> >>
> >> --
> >> Dmitry Belyavskiy
> >
> >
> >
> > --
> > Dmitry Belyavskiy
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Dmitry Belyavskiy
More information about the openssh-unix-dev
mailing list