Re: Call for testing: OpenSSH 8.2

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, Feb 06, 2020 at 01:23:09PM +1100, Darren Tucker wrote:
[...]
> Those are "sign only" algorithms that use the same RSA keys but with a
> stronger signature algorithms.  It looks like the advice in
> sshd_config(5) is not accurate (I think ssh -Q needs an option that
> calls sshkey_alg_list with certs_only=0, plain_only=0 and
> include_sigonly=1 for this case).

Like this.

diff --git a/ssh.c b/ssh.c
index 35972fe3..98099295 100644
--- a/ssh.c
+++ b/ssh.c
@@ -750,6 +750,8 @@ main(int ac, char **av)
 				cp = sshkey_alg_list(1, 0, 0, '\n');
 			else if (strcmp(optarg, "key-plain") == 0)
 				cp = sshkey_alg_list(0, 1, 0, '\n');
+			else if (strcmp(optarg, "key-sig") == 0)
+				cp = sshkey_alg_list(0, 0, 1, '\n');
 			else if (strcmp(optarg, "sig") == 0)
 				cp = sshkey_alg_list(0, 1, 1, '\n');
 			else if (strcmp(optarg, "protocol-version") == 0)
@@ -763,7 +765,7 @@ main(int ac, char **av)
 			} else if (strcmp(optarg, "help") == 0) {
 				cp = xstrdup(
 				    "cipher\ncipher-auth\ncompression\nkex\n"
-				    "key\nkey-cert\nkey-plain\nmac\n"
+				    "key\nkey-cert\nkey-plain\nkey-sig\nmac\n"
 				    "protocol-version\nsig");
 			}
 			if (cp == NULL)
diff --git a/sshd_config.5 b/sshd_config.5
index 0684300f..465ee53d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -776,7 +776,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q key-sig .
 .It Cm IgnoreRhosts
 Specifies that
 .Pa .rhosts

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux