similar to: [Bug 3546] New: Use SHA2 in ssh-keygen key verification

@Dmitry, you may get more traction by reporting this issue (with patch) at https://www.openssh.com/report.html . It can also help other folks who may be encountering the same issue. -- jmk > On Mar 3, 2023, at 02:10, Dmitry Belyavskiy <dbelyavs at redhat.com> wrote: > > ?Dear colleagues, > > Could you please take a look? > >> On Fri, Jan 20, 2023 at 12:55?PM

Dear colleagues, Could you please take a look? On Fri, Jan 20, 2023 at 12:55?PM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote: > > Dear colleagues, > > ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+). > > The proposed patch enforces

Dear colleagues, ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+). The proposed patch enforces using a sha2 algorithm for key verification. -- Dmitry Belyavskiy -------------- next part -------------- A non-text attachment was scrubbed... Name: ssh-keygen.patch

https://bugzilla.mindrot.org/show_bug.cgi?id=3253 Bug ID: 3253 Summary: ssh-keygen man page still lists deprecated key types for -t Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh-keygen

https://bugzilla.mindrot.org/show_bug.cgi?id=3494 Bug ID: 3494 Summary: ssh-keygen -r cannot disable SHA-1 digest Product: Portable OpenSSH Version: 9.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=3533 Bug ID: 3533 Summary: tracking bug for openssh-9.3 Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

Dear colleagues, I came across an upstream test suite failure on Fedora 36. The test in question is forwarding, the output is ========== adding modulifile='/home/dbelyavs/work/upstream/openssh-portable/moduli' to sshd_config using cached key type ssh-ed25519 using cached key type sk-ssh-ed25519 at openssh.com using cached key type ecdsa-sha2-nistp256 using cached key type

With the upcoming deprecation of ssh-rsa I was trying to see what keys my version of OpenSSH ( 7.8p1 ) supports. I noticed that "ssh -Q key" does not actually list the suggested algorithms to transition to ( rsa-sha2-256 and rsa-sha2-512 ) even though they are supported. Looking through the code, it looks like an issue with the arguments passed to sshkey_alg_list in ssh.c where it should

On Tue, 2 Jun 2020 at 06:12, Christian Weisgerber <naddy at mips.inka.de> wrote > On 2020-06-01, Ethan Rahn <ethan.rahn at gmail.com> wrote: > > > With the upcoming deprecation of ssh-rsa I was trying to see what keys my > > version of OpenSSH ( 7.8p1 ) supports. I noticed that "ssh -Q key" does not > > actually list the suggested algorithms to

https://bugzilla.mindrot.org/show_bug.cgi?id=3289 Bug ID: 3289 Summary: Patch fixing the issues found by coverity scan Product: Portable OpenSSH Version: 8.5p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Miscellaneous Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=3216 Bug ID: 3216 Summary: Confusing error "host key ... has changed" when connecting to a server not offering matching host key types Product: Portable OpenSSH Version: 7.9p1 Hardware: ARM64 OS: Linux Status: NEW

Hi OpenSSH, I'm working on updating Guix's openssh package definition to the latest release. So far, I have only changed the version (and checksum) and left the build/test/install recipe the same. However, the test suite now fails. I could use some pointers to find out what exactly is going wrong with the failing test or how to fix it. I'm happy to provide more information about

https://bugzilla.mindrot.org/show_bug.cgi?id=3545 Bug ID: 3545 Summary: Output from ssh-keygen -e, which should always be a public-key, is not accepted by ssh-keygen -l Product: Portable OpenSSH Version: 8.9p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=3665 Bug ID: 3665 Summary: publickey RSA signature unverified: error in libcrypto to RHEL9 sshd (with LEGACY crypto policy enabled) Product: Portable OpenSSH Version: 8.7p1 Hardware: ix86 OS: Linux Status: NEW Severity: major

Here you go: OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019 debug1: Reading configuration data /home/ryantm/.ssh/config debug1: /home/ryantm/.ssh/config line 4: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 13: Applying options for * debug2: resolving "{REDACTED}" port 22 debug2: ssh_connect_direct debug1: Connecting to

Hello, I have a client machine and a server machine. I generated a pair of private-public rsa keys using ssh-keygen. On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa On the server machine, I appended the content of the public key to .ssh/authorized_keys I can successfully connect from the client to the server with that config. However, on the client-side, if I add a

ssh-keygen already supports importing and exporting ssh keys using various formats. The "-m PEM" which should have been the easiest to be used with various of external application expects PKCS#1 encoded key, while many applications use SubjectPublicKeyInfo encoded key. This change adds SubjectPublicKeyInfo support, to ease integration with applications. Examples: ## convert

https://bugzilla.mindrot.org/show_bug.cgi?id=1749 Summary: ssh-keygen cant "import" a generic x509 rsa public key Product: Portable OpenSSH Version: 5.4p1 Platform: Other OS/Version: Other Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: unassigned-bugs at

Using ssh-keygen from OpenSSH-2.9p1, I can perform the following key conversions: - convert a commercial public key into an OpenSSH public key: % ssh-keygen -i -f commercial-key.pub > openssh-key.pub - convert a commercial private key into an OpenSSH private key, provided that the commercial key has no password % ssh-keygen -i -f commercial-key > openssh-key -

https://bugzilla.mindrot.org/show_bug.cgi?id=2513 Bug ID: 2513 Summary: Do not mention rsa1 key type in ssh-keygen usage & in manual pages Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement