Server accepts key: pkalg rsa-sha2-512 vs ssh-rsa

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

I'm doing some test with a pkcs11 token that can only sign short messages.

When connecting to one server, that reports pkalg rsa-sha2-512 blen
151, it fails to sign the pubkey because it is 83 bytes long. (sshd:
OpenSSH_7.3p1)

A older server that reports pkalg ssh-rsa blen 151, works perfectly as
the pubkey signature required is only 35 bytes long. (sshd:
OpenSSH_6.7p1)

I am not sure where does this pkalg fit in the process, and all my
attempts to downgrade the algorithm have failed. Even looking at
identity_sign_encode at sshconnect2.c, doesn't help me at all, as
ssh-rsa is not one option.

So very simply, was this deprecated completely, does the new
implementation not allow the client to downgrade it, or is there any
option for it?

Thanks,
Nuno
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux