bugzilla-daemon at bugzilla.mindrot.org
2016-Mar-02 22:54 UTC
[Bug 2547] New: ssh-ext-info: missing server signature algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2547 Bug ID: 2547 Summary: ssh-ext-info: missing server signature algorithms Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: mb at smartftp.com In the "server-sig-algs" extension the server sends to the client, sshd only includes the rsa signature algorithms [1]: (r = sshpkt_put_cstring(ssh, "rsa-sha2-256,rsa-sha2-512")) != 0 || However, it should include all signature algorithms (including ecdsa-sha2-*, ssh-ed25519, etc) it supports. This is what the RFC [2] says: string "server-sig-algs" This extension is sent by the server only, and contains a list of signature algorithms that the server is able to process as part of a "publickey" request. You may have incorrectly assumed that there is only 1 signature algorithm for the omitted public key algorithms. For example for ECDSA private keys there are at least two known signature algorithms: ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp256 (from rfc6187) References: [1] https://github.com/openssh/openssh-portable/blob/master/kex.c#L344 [2] https://tools.ietf.org/html/draft-ssh-ext-info-05#section-3.1 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Mar-02 23:06 UTC
[Bug 2547] ssh-ext-info: missing server signature algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2547 Mat <mb at smartftp.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mb at smartftp.com -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Mar-02 23:43 UTC
[Bug 2547] ssh-ext-info: missing server signature algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2547 --- Comment #1 from Mat <mb at smartftp.com> --- Correction: The following example is incorrect: "You may have incorrectly assumed that there is only 1 signature algorithm for the omitted public key algorithms. For example for ECDSA private keys there are at least two known signature algorithms: ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp256 (from rfc6187)" Both public key formats use the same signature algorithm. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Sep-12 23:31 UTC
[Bug 2547] ssh-ext-info: missing server signature algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2547 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Status|NEW |RESOLVED Resolution|--- |FIXED Blocks| |2594 --- Comment #2 from Damien Miller <djm at mindrot.org> --- Thanks - I've committed a fix for this. Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2594 [Bug 2594] Tracking bug for OpenSSH 7.4 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Feb-06 13:41 UTC
[Bug 2547] ssh-ext-info: missing server signature algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2547 Nuno Goncalves <nunojpg at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nunojpg at gmail.com Resolution|FIXED |--- Status|RESOLVED |REOPENED --- Comment #3 from Nuno Goncalves <nunojpg at gmail.com> --- I believe the commit to fix this have created a regression: OpenSSH 7.3p1: debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> OpenSSH 7.4p1: debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> This former two algs, which worked, are now no longer list as supported and the client ends up using ssh-rsa. I've tried to hardcode at least rsa-sha2-256 back again and it works on the client. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Feb-18 16:15 UTC
[Bug 2547] ssh-ext-info: missing server signature algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2547 Nuno Goncalves <nunojpg at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|--- |MOVED --- Comment #4 from Nuno Goncalves <nunojpg at gmail.com> --- Filled as new bug under #2680. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 02:26 UTC
[Bug 2547] ssh-ext-info: missing server signature algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2547 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #5 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after release of OpenSSH 7.7. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Reasonably Related Threads
- [Bug 2680] New: Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced)
- no mutual signature algorithm with RSA user certs client 7.8, server 7.4
- SSH SSO without keytab file
- build-issue on AIX with openssh-7.7p1 - easy correction! included
- random wrong login shell in domain member