[Bug 3213] openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes

bugzilla-daemon Thu, 23 Sep 2021 07:23:31 -0700

https://bugzilla.mindrot.org/show_bug.cgi?id=3213


Joey Berkovitz <joeyberkov...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |joeyberkov...@gmail.com

--- Comment #12 from Joey Berkovitz <joeyberkov...@gmail.com> ---
It seems that this fix doesn't entirely resolve the issue. I tested on
Fedora 34 with OpenSSH 8.7p1 and I get an error when using an OpenSSH
certificate to connect to a CentOS 7 server running OpenSSH 7.4p1. The
error message is as follows: `send_pubkey_test: no mutual signature
algorithm`

Adding `PubkeyAcceptedKeyTypes +ssh-rsa` allows the connection to go
through, but I don't think that it should be necessary.

For reference, the cert is of type `ssh-rsa-cert-...@openssh.com`. The
public key on the cert is `RSA-CERT SHA256` and the Signing CA uses
`ssh-ed25519`

Please let me know if this can be fixed with a similar compat code
change

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3213] openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes

Reply via email to