https://bugzilla.mindrot.org/show_bug.cgi?id=3577

            Bug ID: 3577
           Summary: CASignatureAlgorithms supports -cert algorithms
           Product: Portable OpenSSH
           Version: 9.3p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-b...@mindrot.org
          Reporter: xspielinbox+mind...@protonmail.com

Hello,

The CASignatureAlgorithms directive in ssh and sshd supports the
following algorithms:
ssh-ed25519
ssh-ed25519-cert-...@openssh.com
sk-ssh-ed25...@openssh.com
sk-ssh-ed25519-cert-...@openssh.com
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
sk-ecdsa-sha2-nistp...@openssh.com
webauthn-sk-ecdsa-sha2-nistp...@openssh.com
ssh-rsa-cert-...@openssh.com
rsa-sha2-256-cert-...@openssh.com
rsa-sha2-512-cert-...@openssh.com
ssh-dss-cert-...@openssh.com
ecdsa-sha2-nistp256-cert-...@openssh.com
ecdsa-sha2-nistp384-cert-...@openssh.com
ecdsa-sha2-nistp521-cert-...@openssh.com
sk-ecdsa-sha2-nistp256-cert-...@openssh.com

Why are the *-cert-...@openssh.com algorithms allowed here? This seems
wrong to me, as per the documentation intermediate certificates aren't
supported, and I don't see how this would work then.
They also aren't enabled by default.

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
