Displaying 6 results from an estimated 6 matches for "pubkey_key_types".
2018 Oct 11
3
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
...Y_RSA_CERT)) {
+ (key->type != KEY_RSA && key->type != KEY_RSA_CERT) ||
+ (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) {
/* Filter base key signature alg against our configuration */
return match_list(sshkey_ssh_name(key),
options.pubkey_key_types, NULL);
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
...) ||
> > + (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) {
> > /* Filter base key signature alg against our configuration */
> > return match_list(sshkey_ssh_name(key),
> > options.pubkey_key_types, NULL);
>
> That fixes it for me, thank you. Would you still like a copy of the
> previous failing client trace?
No, I think I figured it out :)
2017 Jul 21
15
[Bug 2746] New: RFE: Allow to disable SHA1 signatures for RSA
https://bugzilla.mindrot.org/show_bug.cgi?id=2746
Bug ID: 2746
Summary: RFE: Allow to disable SHA1 signatures for RSA
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2018 Oct 11
2
no mutual signature algorithm with RSA user certs client 7.8, server 7.4
On Thu, Oct 11, 2018 at 10:41 AM Damien Miller <djm at mindrot.org> wrote:
> On Wed, 10 Oct 2018, Adam Eijdenberg wrote:
> > We see this error on the client side:
> >
> > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> > ...
> > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key
> > debug1: send_pubkey_test: no
2017 Jun 16
2
[PATCH] allow relative path in streamlocal forwarding
...free(dst->fwd_opts.streamlocal_bind_root_directory);
+ dst->fwd_opts.streamlocal_bind_root_directory = NULL;
+ }
}
#undef M_CP_INTOPT
@@ -2300,6 +2320,7 @@ dump_config(ServerOptions *o)
o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
+ dump_cfg_string(sStreamLocalBindRootDirectory, o->fwd_opts.streamlocal_bind_root_directory);
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
diff --git a/serverloop.c b/serverloop...
2020 Sep 26
18
[Bug 3213] New: openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes
...re a list of key types the
server supports, while on newer servers it stores a list of RSA
signature types that are supported.
sshconnect2.c:key_sig_algorithm will return a copy of the name of an
SSH key's type. For everything except RSA keys, it will filter the
key's type against options.pubkey_key_types, but that doesn't make much
sense, because the key has already been verified to be a permitted type
by sshconnect2.c:pubkey_prepare. (I haven't gone into the history, but
I'm guessing that this code used to filter against
ssh->kex->server_sig_algs instead.)
In other words, the p...