On Wed, 24 Feb 2021 at 11:16, Phil Pennock <phil.pennock@xxxxxxxxxxx> wrote:
> # /etc/ssh/sshd_config:
> PubkeyAcceptedAlgorithms -ssh-rsa,-ssh-rsa-cert-*,-rsa*

"If the specified list begins with a '-' character, then the specified
key types (including wildcards) will be removed from the default set
instead of replacing them."

Only the first "-" indicates the specified patterns are to be removed,
the other ones form part of the patterns and thus don't match any
algorithms. You probably want something like:

$ sudo ./sshd -T -o 'PubkeyAcceptedAlgorithms -ssh-rsa,ssh-rsa-cert-*,rsa*' | grep -i PubkeyAcceptedAlgorithms
pubkeyacceptedalgorithms ssh-ed25519-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,sk-ssh-ed25519-cert-v01@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
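
Added example, not part of the original message and not OpenSSH code: a small Python model of the leading-'-' rule described in the reply, which also reports patterns that match nothing so a config like the quoted one can be caught before deployment. The DEFAULT list is a constructed subset of a default algorithm set, and the helper names and the '*'/'?' wildcard handling are assumptions of this sketch.

```python
import re

# Constructed sample: a subset of a default set, including the RSA
# algorithms that the config in the thread is trying to remove.
DEFAULT = [
    "ssh-ed25519-cert-v01@openssh.com",
    "ecdsa-sha2-nistp256-cert-v01@openssh.com",
    "rsa-sha2-512-cert-v01@openssh.com",
    "rsa-sha2-256-cert-v01@openssh.com",
    "ssh-rsa-cert-v01@openssh.com",
    "ssh-ed25519",
    "ecdsa-sha2-nistp256",
    "rsa-sha2-512",
    "rsa-sha2-256",
    "ssh-rsa",
]


def _matches(pattern, name):
    """Wildcard match where only '*' and '?' are special (assumed syntax)."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, name) is not None


def remove_from_default(spec, default=DEFAULT):
    """Apply a '-pat1,pat2,...' value to the default set.

    Only the first '-' is the removal operator; any later '-' stays part
    of its pattern. Returns (kept_algorithms, patterns_matching_nothing).
    """
    if not spec.startswith("-"):
        raise ValueError("this sketch models only the leading '-' form")
    patterns = spec[1:].split(",")
    kept = [a for a in default if not any(_matches(p, a) for p in patterns)]
    dead = [p for p in patterns if not any(_matches(p, a) for a in default)]
    return kept, dead


if __name__ == "__main__":
    for spec in ("-ssh-rsa,-ssh-rsa-cert-*,-rsa*",   # as quoted in the thread
                 "-ssh-rsa,ssh-rsa-cert-*,rsa*"):    # as suggested in the reply
        kept, dead = remove_from_default(spec)
        still_rsa = [a for a in kept if "rsa" in a]
        print(spec)
        print("  patterns matching nothing:", dead)
        print("  RSA algorithms still accepted:", still_rsa)
```

On a real host the authoritative check remains the `sshd -T` command shown in the reply.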