On Mon, 28 Oct 2024, Maxime Rey wrote:

> Hello,
>
> I've found that when using the ssh agent and sshd together, there is an issue
> when using multiple host keys. Specifically, after the key exchange phase,
> when a client requests proof of ownership for the host keys via the
> "hostkeys-prove-00@xxxxxxxxxxx" request, the server prepares the response
> without specifying the signature algorithm in case of non-RSA keys.
>
> This leads to "SSH_ERR_INVALID_ARGUMENT" when verifying the signature in:
>
> openssh-portable/authfd.c line
> if ((r = sshkey_check_sigtype(sig, len, alg)) != 0)
>
> To resolve this, I explicitly set the signature
> algorithm, ensuring proper verification for all key types.
>
> I would appreciate any feedback or suggestions regarding this issue.

Hi,

I'm having trouble replicating this failure by making changes to the
existing hostkey-agent.sh regress test. Can you share a bit more about
how it happens? Debug traces from the client and server would be very
helpful.

Thanks,
Damien Miller
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev