Re: no mutual signature algorithm with RSA user certs client 7.8, server 7.4

On Wed, 10 Oct 2018, Adam Eijdenberg wrote:

> Hi,
> 
> One of our users who is running an OS (I think it's the latest beta
> macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is
> unable to use our user SSH RSA certificates to authenticate to our
> servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan
> 2017").
> 
> We see this error on the client side:
> 
> debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> ...
> debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key
> debug1: send_pubkey_test: no mutual signature algorithm

That looks like a bug:

diff --git a/sshkey.c b/sshkey.c
index f7c09fb..e602987 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -109,9 +109,9 @@ static const struct keytype keytypes[] = {
 	{ "ssh-rsa-cert-v01@xxxxxxxxxxx", "RSA-CERT", NULL,
 	    KEY_RSA_CERT, 0, 1, 0 },
 	{ "rsa-sha2-256-cert-v01@xxxxxxxxxxx", "RSA-CERT",
-	    "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 },
+	    "rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 },
 	{ "rsa-sha2-512-cert-v01@xxxxxxxxxxx", "RSA-CERT",
-	    "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 },
+	    "rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 },
 	{ "ssh-dss-cert-v01@xxxxxxxxxxx", "DSA-CERT", NULL,
 	    KEY_DSA_CERT, 0, 1, 0 },
 	{ "ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx", "ECDSA-CERT", NULL,
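
Review bot: The third field of the rsa-sha2-256-cert-v01 and rsa-sha2-512-cert-v01 entries is a hand-typed string, and nothing in the table says what it has to match, so a stray prefix like the removed "ssh-" is easy to miss. The new values "rsa-sha2-256" and "rsa-sha2-512" are the same names the server lists in server-sig-algs in the debug output quoted above. A short comment on the keytypes table stating that this field must be the plain signature algorithm name would make that explicit. A regression test that authenticates with an RSA certificate against a server offering only rsa-sha2-256 and rsa-sha2-512 would catch a recurrence of the "no mutual signature algorithm" failure.
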
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


