bugzilla-daemon at mindrot.org
2023-Mar-03 17:52 UTC
[Bug 3546] New: Use SHA2 in ssh-keygen key verification
https://bugzilla.mindrot.org/show_bug.cgi?id=3546 Bug ID: 3546 Summary: Use SHA2 in ssh-keygen key verification Product: Portable OpenSSH Version: 8.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: dbelyavs at redhat.com Created attachment 3681 --> https://bugzilla.mindrot.org/attachment.cgi?id=3681&action=edit Proposed fix ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+). The proposed patch enforces using a sha2 algorithm for key verification. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-08 00:07 UTC
[Bug 3546] Use SHA2 in ssh-keygen key verification
https://bugzilla.mindrot.org/show_bug.cgi?id=3546 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Blocks| |3533 Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Damien Miller <djm at mindrot.org> --- similar fix applied. Will be in OpenSSH 9.3, due soon Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=3533 [Bug 3533] tracking bug for openssh-9.3 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-17 02:43 UTC
[Bug 3546] Use SHA2 in ssh-keygen key verification
https://bugzilla.mindrot.org/show_bug.cgi?id=3546 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Damien Miller <djm at mindrot.org> --- OpenSSH 9.3 has been released. Close resolved bugs -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Maybe Matching Threads
- Enforcing sha2 algorithm in ssh-keygen.c
- Enforcing sha2 algorithm in ssh-keygen.c
- Enforcing sha2 algorithm in ssh-keygen.c
- [Bug 3253] New: ssh-keygen man page still lists deprecated key types for -t
- [Bug 3494] New: ssh-keygen -r cannot disable SHA-1 digest