HostkeyAlgorithms + support seems broken [7.0]

The `+' support for HostkeyAlgorithms seems wrong compared to the other
configuration options; it replaces with literal +value.

Default:

# sshd -v
sshd: illegal option -- v
OpenSSH_7.0p1, OpenSSL 1.0.2d 9 Jul 2015

# sshd -T -f /usr/local/etc/ssh/sshd_config|grep hostkeyalgorithms
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,ssh-ed25519-cert-v01@xxxxxxxxxxx,ssh-rsa-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa

With this in sshd_config:
HostkeyAlgorithms +ssh-dss

The result:

# sshd -T -f /usr/local/etc/ssh/sshd_config|grep hostkeyalgorithms
hostkeyalgorithms +ssh-dss

This disables all algorithms:

# ssh -vvv user@127.0.0.1
...
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@xxxxxxxxxxx'
debug1: kex: server->client chacha20-poly1305@xxxxxxxxxxx <implicit> none
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@xxxxxxxxxxx'
debug1: kex: client->server chacha20-poly1305@xxxxxxxxxxx <implicit> none
Unable to negotiate with 127.0.0.1: no matching host key type found.
Their offer:


A similar problem exists with ssh_config:

# ssh -G user@127.0.0.1|grep hostkeyalgorithms
hostkeyalgorithms +ssh-dss




Also many of these new configuration options are missing in the manpages.

-- 
Regards,
Bryan Drewery
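
A check for the symptom reported above, added here as an example; it is not part of the original message or of OpenSSH. It reads `sshd -T` or `ssh -G` output on stdin and flags algorithm-list options whose effective value still carries a literal `+`. The function names, the option list in PLUS_OPTIONS and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: these are the list options that accept a '+' prefix, written
# in the lower-case form printed by `sshd -T` / `ssh -G`. Adjust as needed.
PLUS_OPTIONS="ciphers macs kexalgorithms hostkeyalgorithms pubkeyacceptedkeytypes hostbasedacceptedkeytypes hostbasedkeytypes"

# Reads effective configuration on stdin. Prints "option value" for every
# listed option in which any comma-separated entry still starts with '+',
# meaning the prefix was stored verbatim instead of being merged into the
# default list. Exit status: 1 if anything was flagged, 0 otherwise.
find_unexpanded_plus() {
    awk -v opts="$PLUS_OPTIONS" '
        BEGIN { n = split(opts, o, " "); for (i = 1; i <= n; i++) want[o[i]] = 1 }
        {
            key = tolower($1)
            if (!(key in want)) next
            m = split($2, entry, ",")
            for (i = 1; i <= m; i++) {
                if (substr(entry[i], 1, 1) == "+") {
                    print key, $2
                    bad = 1
                    break
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the broken result shown in the message, surrounded by
# unrelated lines that must not be flagged.
sample_broken() {
    cat <<'EOF'
port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr
hostkeyalgorithms +ssh-dss
EOF
}

# Constructed sample: what a correctly merged list would look like
# (shortened default list with ssh-dss appended).
sample_ok() {
    cat <<'EOF'
port 22
hostkeyalgorithms ecdsa-sha2-nistp256,ssh-ed25519,ssh-rsa,ssh-dss
EOF
}
```

Typical use: `sshd -T -f /usr/local/etc/ssh/sshd_config | find_unexpanded_plus`, or `ssh -G user@127.0.0.1 | find_unexpanded_plus` for the client side.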
