[Bug 3213] openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes

bugzilla-daemon Wed, 03 Mar 2021 17:49:32 -0800

https://bugzilla.mindrot.org/show_bug.cgi?id=3213


Gordon Messmer <gordon.mess...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3448|0                           |1
        is obsolete|                            |

--- Comment #8 from Gordon Messmer <gordon.mess...@gmail.com> ---
Created attachment 3476
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3476&action=edit
Use RSA keys for OpenSSH 7.4 servers, if local policy permits

I've rebased the previous patch and moved the compat code to its own
function.

Using a custom config matching Fedora's current default to connect to a
Debian 9 (openssh 7.4) VM, I've verified that an RSA key will be used
successfully with the patch, and will not be attempted without it.

Host 192.168.122.246
        PubkeyAcceptedAlgorithms
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-...@openssh.com,sk-ecdsa-sha2-nistp...@openssh.com,sk-ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519,ssh-ed25519-cert-...@openssh.com,sk-ssh-ed25...@openssh.com,sk-ssh-ed25519-cert-...@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-...@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-...@openssh.com

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3213] openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes

Reply via email to