Hello all,

the extension negotiation draft (not only) for SHA2 signature algorithms is certainly a good thing, but the result of this negotiation also affects the behavior of the ssh-agent protocol, where there is no negotiation of the extension, and when it is negotiated between server and client, it is used unconditionally.

To get to the core, the problem is with third-party tools talking the ssh-agent protocol which do not implement this extension and ignore additional flags (which is certainly a bug in the agent, but the ssh-agent draft does not say what to do with unknown flags -- shouldn't the draft handle this case explicitly?).

We already discussed a similar issue with host keys, but a transparent fallback to non-SHA2 algorithms does not look like a good idea from a security point of view. The only sensible solution around this seems to be implementing some configuration that would (dis)allow a selection of negotiated extensions (in client and/or server), or just a switch to enable/disable it altogether for compatibility with older systems.

What do you think? Would it be useful?

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
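The failure mode described in the message above, as an added illustration that is not code from the post, from OpenSSH or from the ssh-agent draft: a client that has negotiated rsa-sha2-256 with the server sends the agent a SSH_AGENTC_SIGN_REQUEST with the SSH_AGENT_RSA_SHA2_256 flag set; an agent that predates the extension parses but ignores the flags and answers with an "ssh-rsa" (SHA-1) signature, which the server will not accept. The message numbers and flag bits are those of draft-miller-ssh-agent; the RSA signing operation is replaced by a labelled placeholder digest, the "strict" agent's rejection of unknown flags is the behaviour the post argues the draft should spell out (not something the draft mandates), and all inputs are constructed.

```python
"""ssh-agent SIGN_REQUEST flag handling: legacy agent vs. strict agent.

Added illustration, not code from the mailing-list post or from OpenSSH.
The RSA operation is a placeholder; only the hash selection and the
protocol framing matter here."""
import hashlib
import struct

# Message numbers and flag bits as defined in draft-miller-ssh-agent.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14
SSH_AGENT_RSA_SHA2_256 = 0x02
SSH_AGENT_RSA_SHA2_512 = 0x04
KNOWN_FLAGS = SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512


def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string' (uint32 big-endian length prefix + bytes)."""
    return struct.pack(">I", len(b)) + b


def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset off; returns (value, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n


def build_sign_request(key_blob: bytes, data: bytes, flags: int) -> bytes:
    """Client side: byte type, string key blob, string data, uint32 flags."""
    return (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob)
            + ssh_string(data) + struct.pack(">I", flags))


def parse_sign_request(msg: bytes):
    """Agent side: split a sign request into (key_blob, data, flags)."""
    if not msg or msg[0] != SSH_AGENTC_SIGN_REQUEST:
        raise ValueError("not a sign request")
    key_blob, off = read_string(msg, 1)
    data, off = read_string(msg, off)
    (flags,) = struct.unpack_from(">I", msg, off)
    return key_blob, data, flags


def placeholder_rsa_sign(key_blob: bytes, hash_name: str, data: bytes) -> bytes:
    """Stand-in for RSA PKCS#1 v1.5 signing (assumption: for this
    illustration only the hash choice matters, so a plain digest over
    key blob and data is returned instead of a real RSA signature)."""
    return hashlib.new(hash_name, key_blob + data).digest()


def sign_response(alg: bytes, raw_sig: bytes) -> bytes:
    """Agent side: SSH_AGENT_SIGN_RESPONSE carrying string(string alg, string sig)."""
    sig_blob = ssh_string(alg) + ssh_string(raw_sig)
    return bytes([SSH_AGENT_SIGN_RESPONSE]) + ssh_string(sig_blob)


def legacy_agent(msg: bytes) -> bytes:
    """Agent written before the extension: the flags field is parsed but
    ignored, so every RSA signature comes back in the old ssh-rsa form."""
    key_blob, data, _flags = parse_sign_request(msg)
    return sign_response(b"ssh-rsa", placeholder_rsa_sign(key_blob, "sha1", data))


def strict_agent(msg: bytes) -> bytes:
    """Agent that honours the SHA-2 flags and refuses any flag bit it does
    not know, answering SSH_AGENT_FAILURE instead of silently signing."""
    key_blob, data, flags = parse_sign_request(msg)
    if flags & ~KNOWN_FLAGS:
        return bytes([SSH_AGENT_FAILURE])
    if flags & SSH_AGENT_RSA_SHA2_256:
        alg, hash_name = b"rsa-sha2-256", "sha256"
    elif flags & SSH_AGENT_RSA_SHA2_512:
        alg, hash_name = b"rsa-sha2-512", "sha512"
    else:
        alg, hash_name = b"ssh-rsa", "sha1"
    return sign_response(alg, placeholder_rsa_sign(key_blob, hash_name, data))


def check_response(resp: bytes, negotiated_alg: bytes) -> str:
    """What the client (or the server verifying the signature) sees: the
    algorithm name inside the signature blob must match the algorithm
    negotiated in the transport, otherwise authentication fails."""
    if not resp or resp[0] != SSH_AGENT_SIGN_RESPONSE:
        return "agent refused"
    sig_blob, _ = read_string(resp, 1)
    alg, _ = read_string(sig_blob, 0)
    if alg == negotiated_alg:
        return "ok"
    return "mismatch: agent signed with %s, server expects %s" % (
        alg.decode(), negotiated_alg.decode())


if __name__ == "__main__":
    # Constructed inputs: a dummy key blob and session-id-like data.
    req = build_sign_request(b"ssh-rsa dummy-key-blob", b"session data",
                             SSH_AGENT_RSA_SHA2_256)
    print("legacy agent:", check_response(legacy_agent(req), b"rsa-sha2-256"))
    print("strict agent:", check_response(strict_agent(req), b"rsa-sha2-256"))
    unknown = build_sign_request(b"ssh-rsa dummy-key-blob", b"session data", 0x80)
    print("strict agent, unknown flag:",
          check_response(strict_agent(unknown), b"ssh-rsa"))
```

Running it shows the legacy agent producing a signature whose algorithm name disagrees with the negotiated one, which is exactly the case where a silent fallback would hide a downgrade; the strict agent either signs with the requested SHA-2 variant or fails loudly on a flag it does not understand.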