OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



I'm using the most up to date version of openssh on OL8 that I can patch to
(OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of
ssh-rsa, but apparently am connecting to a host that uses ssh-rsa.  I've
tried adding

HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@xxxxxxxxxxx
PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@xxxxxxxxxxx
or
HostkeyAlgorithms +ssh-rsa-cert-v01@xxxxxxxxxxx,ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@xxxxxxxxxxx,ssh-rsa

to my .ssh/config and still receive an error message of:

agent key RSA-CERT SHA256:..... returned incorrect signature type
sign_and_send_pubkey: no mutual signature supported

if I update-crpyto-policies to the DEFAULT policy, the connectivity works
correctly.  I'm a bit confused as to why openssh isn't using my personal
config settings to override the system wide settings or am I not setting
the necessary or is this by design?

---


Regards,

Kevin Martin
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux