similar to: [Bug 2568] New: ssh fails to authenticate using RSA keys when agent does not support sha256/512 signatures

https://bugzilla.mindrot.org/show_bug.cgi?id=2439 Bug ID: 2439 Summary: New sha256-base64 SSH Fingerprints in openssh-6.8 Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2453 Bug ID: 2453 Summary: Document authentication method "none" for AuthenticationMethods Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2576 Bug ID: 2576 Summary: ssh-agent enters busy loop when running out of fds Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh-agent Assignee: unassigned-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=2397 Bug ID: 2397 Summary: Match block doesn't match negated addresses Product: Portable OpenSSH Version: 6.8p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2501 Bug ID: 2501 Summary: VerifyHostKeyDNS & StrictHostKeyChecking Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2515 Bug ID: 2515 Summary: Implement diffie-hellman-group{14,15,16)-sha256 Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: ASSIGNED Severity: enhancement Priority: P3 Component: ssh Assignee: dtucker at

https://bugzilla.mindrot.org/show_bug.cgi?id=2746 Bug ID: 2746 Summary: RFE: Allow to disable SHA1 signatures for RSA Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2440 Bug ID: 2440 Summary: X11 connection will fail if user's home directory is read-only Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=2400 Bug ID: 2400 Summary: StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=2561 Bug ID: 2561 Summary: ssh-keygen -A does not recreate broken zero-sized host keys Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keygen

https://bugzilla.mindrot.org/show_bug.cgi?id=2158 Bug ID: 2158 Summary: Race condition in receiving SIGTERM Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2547 Bug ID: 2547 Summary: ssh-ext-info: missing server signature algorithms Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2680 Bug ID: 2680 Summary: Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced) Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2650 Bug ID: 2650 Summary: UpdateHostKeys ignores RSA keys if HostKeyAlgorithms=rsa-sha2-256 Product: Portable OpenSSH Version: 7.4p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: ssh

Hello, as a follow-up on my mail some time last month where we were facing weird issues when authenticating to new OpenSSH servers, I went down the road to investigate what is really going on there and I found out that even though all the logs in client and server happily say that the SHA2 extension is used, under the hood there is just SHA1. This is because the different agents are ignoring the

https://bugzilla.mindrot.org/show_bug.cgi?id=2698 Bug ID: 2698 Summary: Tracking bug for OpenSSH 7.6 release Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2594 Bug ID: 2594 Summary: Tracking bug for OpenSSH 7.4 release Product: Portable OpenSSH Version: -current Hardware: Other OS: All Status: NEW Keywords: meta Severity: normal Priority: P1 Component: Miscellaneous

https://bugzilla.mindrot.org/show_bug.cgi?id=2519 Bug ID: 2519 Summary: Obsolete SSHv1 config options Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2647 Bug ID: 2647 Summary: Tracking bug for OpenSSH 7.5 release Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous

Hi, One of our users who is running an OS (I think it's the latest beta macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is unable to use our user SSH RSA certificates to authenticate to our servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017"). We see this error on the client side: debug1: kex_input_ext_info: