[PATCH] Specify signature algorithm during server hostkeys prove
Maxime Rey
maximejeanrey at gmail.com
Tue Oct 29 02:01:36 AEDT 2024
Hello,
I've found that when using the ssh agent and sshd together, there is an issue
when using multiple host keys. Specifically, after the key exchange phase,
when a client requests proof of ownership for the host keys via the
"hostkeys-prove-00@openssh.com" request, the server prepares the response
without specifying the signature algorithm in case of non-RSA keys.
This leads to "SSH_ERR_INVALID_ARGUMENT" when verifying the signature in:
openssh-portable/authfd.c line
if ((r = sshkey_check_sigtype(sig, len, alg)) != 0)
To resolve this, I explicitly set the signature
algorithm, ensuring proper verification for all key types.
I would appreciate any feedback or suggestions regarding this issue.
Best regards,
Maxime
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Specify-signature-algorithm-during-server-hostkeys-p.patch
Type: text/x-patch
Size: 801 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20241028/45150f26/attachment.bin>