Dear colleagues,

ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+).

The proposed patch enforces using a sha2 algorithm for key verification.

--
Dmitry Belyavskiy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh-keygen.patch
Type: text/x-patch
Size: 1217 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20230120/ffe3d6e1/attachment.bin>

Dear colleagues,

Could you please take a look?

On Fri, Jan 20, 2023 at 12:55 PM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
>
> Dear colleagues,
>
> ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+).
>
> The proposed patch enforces using a sha2 algorithm for key verification.
>
> --
> Dmitry Belyavskiy

--
Dmitry Belyavskiy