On 01/26/2017 09:01 PM, Nuno Gonçalves wrote:
Hi, I'm doing some test with a pkcs11 token that can only sign short messages. When connecting to one server, that reports pkalg rsa-sha2-512 blen 151, it fails to sign the pubkey because it is 83 bytes long. (sshd: OpenSSH_7.3p1) A older server that reports pkalg ssh-rsa blen 151, works perfectly as the pubkey signature required is only 35 bytes long. (sshd: OpenSSH_6.7p1) I am not sure where does this pkalg fit in the process, and all my attempts to downgrade the algorithm have failed. Even looking at identity_sign_encode at sshconnect2.c, doesn't help me at all, as ssh-rsa is not one option. So very simply, was this deprecated completely, does the new implementation not allow the client to downgrade it, or is there any option for it? Thanks, Nuno
This is part of deprecation SHA1 for signatures, which were hardcoded into the core RFCs. The different hashes were introduced in OpenSSH 7.2 [1] and are negotiated using the protocol extension. I don't think there are configuration options to control this behavior, but the new algorithms have higher priority for new OpenSSH versions.
[1] http://www.openssh.com/txt/release-7.2 Regards, -- Jakub Jelen Software Engineer Security Technologies Red Hat _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev