Re: [PATCH] Specify signature algorithm during server hostkeys prove

On Mon, 28 Oct 2024, Maxime Rey wrote:

> 
> Hello,
> 
> I've found that when using the ssh agent and sshd together, there is an issue
> when using multiple host keys. Specifically, after the key exchange phase,
> when a client requests proof of ownership for the host keys via the
> "hostkeys-prove-00@xxxxxxxxxxx" request, the server prepares the response
> without specifying the signature algorithm in case of non-RSA keys.
> 
> This leads to "SSH_ERR_INVALID_ARGUMENT" when verifying the signature in:
> 
> openssh-portable/authfd.c line 
> if ((r = sshkey_check_sigtype(sig, len, alg)) != 0)
> 
> To resolve this, I explicitly set the signature
> algorithm, ensuring proper verification for all key types.
> 
> I would appreciate any feedback or suggestions regarding this issue.

Hi,

I'm having trouble replicating this failure by making changes to the
existing hostkey-agent.sh regress test.

Can you share a bit more about how it happens? Debug traces from the
client and server would be very helpful.

Thanks,
Damien Miller
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
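
Added example, not part of the original thread and not OpenSSH code: the kind of signature-type check discussed above, comparing the algorithm name at the front of an SSH signature blob (the RFC 4253 `string name, string blob` encoding) with the algorithm the caller asked for. The function names, return codes and the sample blob are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical return codes for this example only. */
enum { SIG_OK = 0, SIG_MALFORMED = -1, SIG_ALG_MISMATCH = -2 };

/* Read a big-endian uint32 length prefix (RFC 4251 "string" encoding). */
static uint32_t get_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: check that the algorithm name at the start of a
 * signature blob equals the algorithm the caller requested. */
int check_sig_alg(const uint8_t *sig, size_t len, const char *requested) {
    uint32_t nlen;
    if (sig == NULL || requested == NULL || len < 4)
        return SIG_MALFORMED;
    nlen = get_u32(sig);
    /* The name must fit, and a second length prefix must follow it. */
    if (nlen == 0 || nlen > len - 4 || len - 4 - nlen < 4)
        return SIG_MALFORMED;
    if (nlen != strlen(requested) || memcmp(sig + 4, requested, nlen) != 0)
        return SIG_ALG_MISMATCH;
    return SIG_OK;
}

/* Build a constructed sample blob: string alg || string of 64 zero bytes.
 * The caller's buffer must hold 4 + strlen(alg) + 4 + 64 bytes. */
size_t make_sample_sig(uint8_t *out, const char *alg) {
    size_t n = strlen(alg);
    memset(out, 0, 4 + n + 4 + 64);
    out[3] = (uint8_t)n;          /* name length (fits in one byte here) */
    memcpy(out + 4, alg, n);
    out[4 + n + 3] = 64;          /* signature body length */
    return 4 + n + 4 + 64;
}

int main(void) {
    uint8_t buf[128];
    size_t len = make_sample_sig(buf, "ssh-ed25519");
    printf("match:     %d\n", check_sig_alg(buf, len, "ssh-ed25519"));
    printf("mismatch:  %d\n", check_sig_alg(buf, len, "rsa-sha2-512"));
    printf("truncated: %d\n", check_sig_alg(buf, 6, "ssh-ed25519"));
    return 0;
}
```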


