On Thu, 11 Oct 2018, Adam Eijdenberg wrote: > On Thu, Oct 11, 2018 at 12:13 PM Damien Miller <djm@xxxxxxxxxxx> wrote: > > Could you try this? > > > > diff --git a/sshconnect2.c b/sshconnect2.c > > index f104408..1d2906f 100644 > > --- a/sshconnect2.c > > +++ b/sshconnect2.c > > @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) > > * newer (SHA2) algorithms. > > */ > > if (ssh == NULL || ssh->kex->server_sig_algs == NULL || > > - (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) { > > + (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || > > + (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) { > > /* Filter base key signature alg against our configuration */ > > return match_list(sshkey_ssh_name(key), > > options.pubkey_key_types, NULL); > > That fixes it for me, thank you. Would you still like a copy of the > previous failing client trace? No, I think I figured it out :) _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev