[PATCH 0/2] Specify signature algorithm during server hostkeys prove

From: Maxime Rey <maximejeanrey@xxxxxxxxx>

Hello,

I've discovered an issue with sshd when it's configured to use the SSH agent
alongside multiple host keys. Specifically, this problem happens during the
hostkeys-prove-00@xxxxxxxxxxx request, when the server attempts to
demonstrate ownership of the host keys by calling the agent.

The issue occurs because, while processing the hostkeys-prove-00@xxxxxxxxxxx
request, sshd does not specify the signature algorithm in its call to
the agent. As a result, when sshd attempts to verify the response, it
encounters an error due to the missing algorithm specification.

To address this, I have made two contributions:

    1 - A modified hostkey-agent.sh regression test that reproduces the issue
        under these conditions.
    2 - A patch in serverloop.c to correct the error by ensuring the algorithm
        is explicitly specified during the hostkeys-prove-00@xxxxxxxxxxx
        response.

Thank you for your time and feedback.

Best regards,
Maxime

Maxime Rey (2):
  Add test to cover multiple server hostkeys with agent
  Specify signature algorithm during server hostkeys prove

 regress/hostkey-agent.sh | 31 +++++++++++++++++++++++++++++++
 serverloop.c             |  3 +++
 2 files changed, 34 insertions(+)

-- 
2.47.0

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


