Displaying 20 results from an estimated 11000 matches similar to: "[Bug 3546] New: Use SHA2 in ssh-keygen key verification"
2023 Mar 03
1
Enforcing sha2 algorithm in ssh-keygen.c
@Dmitry, you may get more traction by reporting this issue (with patch) at https://www.openssh.com/report.html .
It can also help other folks who may be encountering the same issue.
--
jmk
> On Mar 3, 2023, at 02:10, Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
>
> ?Dear colleagues,
>
> Could you please take a look?
>
>> On Fri, Jan 20, 2023 at 12:55?PM
2023 Mar 03
1
Enforcing sha2 algorithm in ssh-keygen.c
Dear colleagues,
Could you please take a look?
On Fri, Jan 20, 2023 at 12:55?PM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
>
> Dear colleagues,
>
> ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+).
>
> The proposed patch enforces
2023 Jan 20
1
Enforcing sha2 algorithm in ssh-keygen.c
Dear colleagues,
ssh-keygen uses SHA1 algorithm (default) when verifying that the key is
usable. It causes problems on recent systems where SHA1 is disabled for use
with signatures (at least, RHEL 9+).
The proposed patch enforces using a sha2 algorithm for key verification.
--
Dmitry Belyavskiy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh-keygen.patch
2021 Jan 18
4
[Bug 3253] New: ssh-keygen man page still lists deprecated key types for -t
https://bugzilla.mindrot.org/show_bug.cgi?id=3253
Bug ID: 3253
Summary: ssh-keygen man page still lists deprecated key types
for -t
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh-keygen
2022 Oct 31
4
[Bug 3494] New: ssh-keygen -r cannot disable SHA-1 digest
https://bugzilla.mindrot.org/show_bug.cgi?id=3494
Bug ID: 3494
Summary: ssh-keygen -r cannot disable SHA-1 digest
Product: Portable OpenSSH
Version: 9.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs
2023 Feb 04
26
[Bug 3533] New: tracking bug for openssh-9.3
https://bugzilla.mindrot.org/show_bug.cgi?id=3533
Bug ID: 3533
Summary: tracking bug for openssh-9.3
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Keywords: meta
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee:
2023 Jan 24
1
Upstream forwarding test failure
Dear colleagues,
I came across an upstream test suite failure on Fedora 36.
The test in question is forwarding, the output is
==========
adding modulifile='/home/dbelyavs/work/upstream/openssh-portable/moduli' to
sshd_config
using cached key type ssh-ed25519
using cached key type sk-ssh-ed25519 at openssh.com
using cached key type ecdsa-sha2-nistp256
using cached key type
2019 Jan 23
2
[Bug 2959] New: Disabling just rsa-sha2-512 breaks public key authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2959
Bug ID: 2959
Summary: Disabling just rsa-sha2-512 breaks public key
authentication
Product: Portable OpenSSH
Version: 7.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2020 Jun 01
3
"ssh -Q key" does not list rsa-sha2 algorithms
With the upcoming deprecation of ssh-rsa I was trying to see what keys my
version of OpenSSH ( 7.8p1 ) supports. I noticed that "ssh -Q key" does not
actually list the suggested algorithms to transition to ( rsa-sha2-256 and
rsa-sha2-512 ) even though they are supported. Looking through the code, it
looks like an issue with the arguments passed to sshkey_alg_list in ssh.c
where it should
2020 Jun 01
5
"ssh -Q key" does not list rsa-sha2 algorithms
On Tue, 2 Jun 2020 at 06:12, Christian Weisgerber <naddy at mips.inka.de> wrote
> On 2020-06-01, Ethan Rahn <ethan.rahn at gmail.com> wrote:
>
> > With the upcoming deprecation of ssh-rsa I was trying to see what keys my
> > version of OpenSSH ( 7.8p1 ) supports. I noticed that "ssh -Q key" does not
> > actually list the suggested algorithms to
2020 Sep 29
5
[Bug 3216] New: Confusing error "host key ... has changed" when connecting to a server not offering matching host key types
https://bugzilla.mindrot.org/show_bug.cgi?id=3216
Bug ID: 3216
Summary: Confusing error "host key ... has changed" when
connecting to a server not offering matching host key
types
Product: Portable OpenSSH
Version: 7.9p1
Hardware: ARM64
OS: Linux
Status: NEW
2021 Mar 29
15
[Bug 3289] New: Patch fixing the issues found by coverity scan
https://bugzilla.mindrot.org/show_bug.cgi?id=3289
Bug ID: 3289
Summary: Patch fixing the issues found by coverity scan
Product: Portable OpenSSH
Version: 8.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Miscellaneous
Assignee:
2023 Dec 21
1
9.6p1 test suite help
Hi OpenSSH,
I'm working on updating Guix's openssh package definition to the latest
release. So far, I have only changed the version (and checksum) and left
the build/test/install recipe the same. However, the test suite now fails.
I could use some pointers to find out what exactly is going wrong with the
failing test or how to fix it. I'm happy to provide more information about
2023 Mar 02
0
[Bug 3545] New: Output from ssh-keygen -e, which should always be a public-key, is not accepted by ssh-keygen -l
https://bugzilla.mindrot.org/show_bug.cgi?id=3545
Bug ID: 3545
Summary: Output from ssh-keygen -e, which should always be a
public-key, is not accepted by ssh-keygen -l
Product: Portable OpenSSH
Version: 8.9p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Here you go:
OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /home/ryantm/.ssh/config
debug1: /home/ryantm/.ssh/config line 4: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 13: Applying options for *
debug2: resolving "{REDACTED}" port 22
debug2: ssh_connect_direct
debug1: Connecting to
2016 Apr 19
4
Client-side public key causing mess
Hello,
I have a client machine and a server machine. I generated a pair of
private-public rsa keys using ssh-keygen.
On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa
On the server machine, I appended the content of the public key to
.ssh/authorized_keys
I can successfully connect from the client to the server with that config.
However, on the client-side, if I add a
2024 Feb 07
3
[Bug 3665] New: publickey RSA signature unverified: error in libcrypto to RHEL9 sshd (with LEGACY crypto policy enabled)
https://bugzilla.mindrot.org/show_bug.cgi?id=3665
Bug ID: 3665
Summary: publickey RSA signature unverified: error in libcrypto
to RHEL9 sshd (with LEGACY crypto policy enabled)
Product: Portable OpenSSH
Version: 8.7p1
Hardware: ix86
OS: Linux
Status: NEW
Severity: major
2024 Nov 23
1
[PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
There is no hash algorithm associated with SSH keys. The key format for RSA keys is always ?ssh-rsa?, and it is capable of being used with any of the available signature algorithms (ssh-rsa for SHA-1 and rsa-sha2-256 or rsa-sha2-512 for SHA-2).
See section 3 in https://www.rfc-editor.org/rfc/rfc8332:
rsa-sha2-256 RECOMMENDED sign Raw RSA key
rsa-sha2-512 OPTIONAL
2012 Jul 28
1
[PATCH] ssh-keygen: support public key import/export using SubjectPublicKeyInfo
ssh-keygen already supports importing and exporting ssh keys using
various formats.
The "-m PEM" which should have been the easiest to be used with
various of external application expects PKCS#1 encoded key, while
many applications use SubjectPublicKeyInfo encoded key.
This change adds SubjectPublicKeyInfo support, to ease integration
with applications.
Examples:
## convert
2010 Apr 02
3
[Bug 1749] New: ssh-keygen cant "import" a generic x509 rsa public key
https://bugzilla.mindrot.org/show_bug.cgi?id=1749
Summary: ssh-keygen cant "import" a generic x509 rsa public key
Product: Portable OpenSSH
Version: 5.4p1
Platform: Other
OS/Version: Other
Status: NEW
Severity: normal
Priority: P2
Component: ssh-keygen
AssignedTo: unassigned-bugs at