Re: no mutual signature algorithm with RSA user certs client 7.8, server 7.4

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, 11 Oct 2018, Adam Eijdenberg wrote:

> Thanks for looking into. I wasn't able to get the patch to apply
> cleanly to the portable source for whatever reason, so I manually made
> the changes and got a little further. I now get past the "no mutual
> signature algorithm" client message, and get an error on the server
> side (OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017):
> 
> userauth_pubkey: unsupported public key algorithm:
> rsa-sha2-512-cert-v01@xxxxxxxxxxx [preauth]

Could you sent me a debug trace from the client for this? We shouldn't
send this algorithm name unless the server supports it.

> Along the way I noticed that there seems to be duplicated entries in
> the keytypes[] array - is this intentional? ie the following 2
> contiguous sections appear to be identical. I ended up changing both
> on my client to remove the "ssh-" prefix:
> 
> https://github.com/openssh/openssh-portable/blob/V_7_8_P1/sshkey.c#L116-L123
> https://github.com/openssh/openssh-portable/blob/V_7_8_P1/sshkey.c#L124-L131

Thanks, I've committed a fix for this.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux