https://bugzilla.mindrot.org/show_bug.cgi?id=2680
--- Comment #7 from Damien Miller <[email protected]> --- (In reply to Jakub Jelen from comment #6) > Although the patch looks reasonable and I considered it as a > resolved issue, it is not as the current master (openssh 7.5) still > reports: > > debug1: kex_input_ext_info: > server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh- > dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null> That's AFAIK what it's supposed to be, excepting the "null" at the end of the list - where does that come from? > The correct list: > > debug1: kex_input_ext_info: > server-sig-algs=<rsa-sha2-256,rsa-sha2-512> Doesn't list non-RSA signature algorithms. Per https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info-10 : > This extension is sent by the server, and contains a list of public > key algorithms that the server is able to process as part of a > "publickey" authentication request. That doesn't limit the contents to just new signature algorithms. We don't currently provide a knob to disable SHA1 signtures, but feel free to file another bug to request it and I'll try to get it done before 7.6. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
