Thanks, these have all been committed and will be in openssh-10.0.
Thanks especially for writing the regression test.

-d

On Tue, 12 Nov 2024, maximejeanrey@xxxxxxxxx wrote:

> From: Maxime Rey <maximejeanrey@xxxxxxxxx>
>
> Hello,
>
> I've discovered an issue with sshd when it's configured to use the SSH agent
> alongside multiple host keys. Specifically, this problem happens during the
> hostkeys-prove-00@xxxxxxxxxxx request, when the server attempts to
> demonstrate ownership of the host keys by calling the agent.
>
> The issue occurs because, while processing the hostkeys-prove-00@xxxxxxxxxxx
> request, sshd does not specify the signature algorithm in its call to
> the agent. As a result, when sshd attempts to verify the response, it
> encounters an error due to the missing algorithm specification.
>
> To address this, I have made two contributions:
>
> 1 - A modified hostkey-agent.sh regression test that reproduces the issue
> under these conditions.
> 2 - A patch in serverloop.c to correct the error
> by ensuring the algorithm is explicitly specified during the
> hostkeys-prove-00@xxxxxxxxxxx response.
>
> Thank you for your time and feedback.
>
> Best regards,
> Maxime
>
> Maxime Rey (2):
>   Add test to cover multiple server hostkeys with agent
>   Specify signature algorithm during server hostkeys prove
>
>  regress/hostkey-agent.sh | 31 +++++++++++++++++++++++++++++++
>  serverloop.c             |  3 +++
>  2 files changed, 34 insertions(+)
>
> --
> 2.47.0
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
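The kind of mismatch the cover letter describes can be made visible by comparing the algorithm name carried inside a returned signature with the one the verifier expects. The following is an added example, not code from the patch or from OpenSSH; it assumes the RFC 4253 signature encoding (a string holding the algorithm name, then a string holding the signature), `check_sig_alg` and the sample blobs are hypothetical, and the RSA names are sample values only, since the thread does not say which key types were involved.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read one SSH "string" (uint32 big-endian length, then bytes) at *off. */
static int get_string(const uint8_t *b, size_t len, size_t *off,
    const uint8_t **out, size_t *outlen)
{
	uint32_t n;
	if (len - *off < 4)
		return -1;
	n = (uint32_t)b[*off] << 24 | (uint32_t)b[*off + 1] << 16 |
	    (uint32_t)b[*off + 2] << 8 | b[*off + 3];
	*off += 4;
	if (len - *off < n)
		return -1;
	*out = b + *off;
	*outlen = n;
	*off += n;
	return 0;
}

/* 0: blob names expected_alg; -1: malformed blob; -2: different algorithm. */
int check_sig_alg(const uint8_t *sig, size_t siglen, const char *expected_alg)
{
	const uint8_t *name, *body;
	size_t namelen, bodylen, off = 0;
	if (get_string(sig, siglen, &off, &name, &namelen) != 0 ||
	    get_string(sig, siglen, &off, &body, &bodylen) != 0 || off != siglen)
		return -1;
	(void)body; (void)bodylen;	/* signature bytes are not verified here */
	if (namelen != strlen(expected_alg) ||
	    memcmp(name, expected_alg, namelen) != 0)
		return -2;
	return 0;
}

/* Constructed samples: algorithm name plus a 2-byte dummy signature body. */
const uint8_t sample_sha1[] = { 0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a',
    0, 0, 0, 2, 0xAA, 0xBB };
const uint8_t sample_sha2[] = { 0, 0, 0, 12, 'r', 's', 'a', '-', 's', 'h', 'a',
    '2', '-', '5', '1', '2', 0, 0, 0, 2, 0xAA, 0xBB };

int main(void)
{
	printf("%d %d\n", check_sig_alg(sample_sha2, sizeof(sample_sha2), "rsa-sha2-512"),
	    check_sig_alg(sample_sha1, sizeof(sample_sha1), "rsa-sha2-512"));
	return 0;
}
```

The check only inspects the framing and the algorithm name; cryptographic verification of the signature body is out of scope here.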