OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
kevin martin
ktmdms at gmail.com
Tue Sep 10 01:04:16 AEST 2024
I'm using the most up to date version of openssh on OL8 that I can patch to
(OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of
ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've
tried adding
HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com
PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com
or
HostkeyAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa
to my .ssh/config and still receive an error message of:
agent key RSA-CERT SHA256:..... returned incorrect signature type
sign_and_send_pubkey: no mutual signature supported
if I update-crpyto-policies to the DEFAULT policy, the connectivity works
correctly. I'm a bit confused as to why openssh isn't using my personal
config settings to override the system wide settings or am I not setting
the necessary or is this by design?
---
Regards,
Kevin Martin
More information about the openssh-unix-dev
mailing list