Displaying 6 results from an estimated 6 matches for "key_sig_algorithm".
2018 Oct 10
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
...tual signature algorithm
(So far as I can tell, neither the server nor the client is overriding
default algorithms in their respective configurations)
I added some printf debugging to the client to show the values being compared:
debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key
debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp256-cert-v01@openssh.com sshkey_sigalg_by_name(cp): ecdsa-sha2-nistp256
debug1: key_sig_algorithm: skipping ecdsa-sha2-nistp256-cert-v01@openssh.com due to not matching key->type
debug1: key_sig_algorithm: cp: ecdsa-sha2-nistp384-cert-v01@openssh.com sshkey_sigalg_b...
2018 Oct 11
3
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
...> Could you send me a debug trace from the client for this? We shouldn't
> send this algorithm name unless the server supports it.
Could you try this?
diff --git a/sshconnect2.c b/sshconnect2.c
index f104408..1d2906f 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
* newer (SHA2) algorithms.
*/
if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
- (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) {
+ (key->type != KEY_RSA && key->type != KEY_RSA_CERT) ||
+...
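Review bot: the comment above the `if` in key_sig_algorithm (ending "newer (SHA2) algorithms.") is left untouched while the condition gains a further `||` clause after `(key->type != KEY_RSA && key->type != KEY_RSA_CERT)`; extend that comment to name the extra case and say why it takes the same branch as the non-RSA and `server_sig_algs == NULL` cases. Because the new clause widens when this branch is taken, the commit message should also state which client and server combination it is meant to cover, so the change can be tested against exactly that pairing.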
2020 Sep 26
18
[Bug 3213] New: openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes
...of PubkeyAcceptedKeyTypes was changed,
and older servers were marked with SSH_BUG_SIGTYPE. For older servers,
ssh->kex->server_sig_algs appears to store a list of key types the
server supports, while on newer servers it stores a list of RSA
signature types that are supported.
sshconnect2.c:key_sig_algorithm will return a copy of the name of an
SSH key's type. For everything except RSA keys, it will filter the
key's type against options.pubkey_key_types, but that doesn't make much
sense, because the key has already been verified to be a permitted type
by sshconnect2.c:pubkey_prepare. (I h...
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
..., Oct 11, 2018 at 12:13 PM Damien Miller <djm at mindrot.org> wrote:
> > Could you try this?
> >
> > diff --git a/sshconnect2.c b/sshconnect2.c
> > index f104408..1d2906f 100644
> > --- a/sshconnect2.c
> > +++ b/sshconnect2.c
> > @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
> > * newer (SHA2) algorithms.
> > */
> > if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
> > - (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) {
> > +...
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Thu, Oct 11, 2018 at 10:41 AM Damien Miller <djm at mindrot.org> wrote:
> On Wed, 10 Oct 2018, Adam Eijdenberg wrote:
> > We see this error on the client side:
> >
> > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> > ...
> > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key
> > debug1: send_pubkey_test: no
2024 Oct 29
5
[Bug 3748] New: "webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature type not supported from ssh agent
```
...qZp0
sign_and_send_pubkey: signing failed for ECDSA-SK-CERT "" from agent:
signature algorithm not supported
```
This error comes from here:
https://github.com/openssh/openssh-portable/blob/ef7c26cd2f0f9a8222f851d1e551f6dfd3113f8b/sshconnect2.c#L1438
I believe there may be a bug in the `key_sig_algorithm` function
(https://github.com/openssh/openssh-portable/blob/ef7c26cd2f0f9a8222f851d1e551f6dfd3113f8b/sshconnect2.c#L1153)
which assumes that the signature algorithm will only differ from the
key algorithm for RSA keys/certs.
However, based on my understanding it should be possible to use
"w...