Re: Server accepts key: pkalg rsa-sha2-512 vs ssh-rsa

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 01/26/2017 09:01 PM, Nuno Gonçalves wrote:
Hi,

I'm doing some test with a pkcs11 token that can only sign short messages.

When connecting to one server, that reports pkalg rsa-sha2-512 blen
151, it fails to sign the pubkey because it is 83 bytes long. (sshd:
OpenSSH_7.3p1)

A older server that reports pkalg ssh-rsa blen 151, works perfectly as
the pubkey signature required is only 35 bytes long. (sshd:
OpenSSH_6.7p1)

I am not sure where does this pkalg fit in the process, and all my
attempts to downgrade the algorithm have failed. Even looking at
identity_sign_encode at sshconnect2.c, doesn't help me at all, as
ssh-rsa is not one option.

So very simply, was this deprecated completely, does the new
implementation not allow the client to downgrade it, or is there any
option for it?

Thanks,
Nuno

This is part of deprecation SHA1 for signatures, which were hardcoded into the core RFCs. The different hashes were introduced in OpenSSH 7.2 [1] and are negotiated using the protocol extension. I don't think there are configuration options to control this behavior, but the new algorithms have higher priority for new OpenSSH versions.

[1] http://www.openssh.com/txt/release-7.2

Regards,

--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux