https://bugzilla.mindrot.org/show_bug.cgi?id=2944

            Bug ID: 2944
           Summary: ssh-agent returns incorrect signature type for
                    [email protected] and
                    [email protected]
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 3216
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3216&action=edit
Patch for authfd.c to consider rsa-sha2-*cert algorithm types to
properly request the signature at the agent

After upgrading to 7.9p1 we encountered the following warnings during
ssh client usage:


agent key RSA-CERT SHA256:IC6hv9VA5eBGO2oW0vRB8zkOvl954JwZ5KHU2lnaHW4
returned incorrect signature type


The detailed output shows the following: 

debug1: Server accepts key: /home/daa/.ssh/id_rsa RSA-CERT
SHA256:lSQIkaEaSCKJLOi5eV0Z+7fR8W/Z1nm1+DHAupcdk5M explicit agent
debug3: sign_and_send_pubkey: RSA-CERT
SHA256:lSQIkaEaSCKJLOi5eV0Z+7fR8W/Z1nm1+DHAupcdk5M
debug2: sign_and_send_pubkey: using private key "/home/daa/.ssh/id_rsa"
from agent for certificate
debug3: sign_and_send_pubkey: signing using
[email protected]
agent key RSA-CERT SHA256:lSQIkaEaSCKJLOi5eV0Z+7fR8W/Z1nm1+DHAupcdk5M
returned incorrect signature type
debug3: sign_and_send_pubkey: signing using
[email protected]
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).

OpenSSH 7.8p1 was only using [email protected] when using
RSA-CERT.

A quick look at the authfd.c file leads me to the conclusion that
agent_encode_alg does not properly consider RSA-CERT in the signature
algorithm encoding, so that an rsa-sha2-* signature is not requested
from the ssh-agent.

I've attached a patch fixing this obvious error; please feel free to
adjust the patch if required.

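The flag selection described in the report, as an added example that is neither OpenSSH's authfd.c nor the attached patch. The function names and the key_type enum are hypothetical; the flag values are the ssh-agent protocol's RSA SHA-2 sign-request bits, and the certificate algorithm names are assumed to be OpenSSH's rsa-sha2-*-cert-v01 names.

```c
#include <stdio.h>
#include <string.h>

/* Sign-request flag bits from the ssh-agent protocol. */
#define SSH_AGENT_RSA_SHA2_256 0x02u
#define SSH_AGENT_RSA_SHA2_512 0x04u

/* Simplified stand-in for this example; not OpenSSH's key type enum. */
enum key_type { KT_RSA, KT_RSA_CERT, KT_ED25519 };

/* Behaviour the report describes: only plain RSA keys and the plain
 * algorithm names are recognised, so a certificate key yields no flag
 * and no rsa-sha2-* signature is requested from the agent. */
unsigned encode_alg_plain_only(enum key_type t, const char *alg)
{
    if (alg == NULL || t != KT_RSA)
        return 0;
    if (strcmp(alg, "rsa-sha2-256") == 0)
        return SSH_AGENT_RSA_SHA2_256;
    if (strcmp(alg, "rsa-sha2-512") == 0)
        return SSH_AGENT_RSA_SHA2_512;
    return 0;
}

/* Cert-aware variant: RSA certificates count as RSA, and the
 * certificate algorithm names map to the same SHA-2 flag bits. */
unsigned encode_alg_cert_aware(enum key_type t, const char *alg)
{
    if (alg == NULL || (t != KT_RSA && t != KT_RSA_CERT))
        return 0;
    if (strcmp(alg, "rsa-sha2-256") == 0 ||
        strcmp(alg, "rsa-sha2-256-cert-v01@openssh.com") == 0)
        return SSH_AGENT_RSA_SHA2_256;
    if (strcmp(alg, "rsa-sha2-512") == 0 ||
        strcmp(alg, "rsa-sha2-512-cert-v01@openssh.com") == 0)
        return SSH_AGENT_RSA_SHA2_512;
    return 0;
}

int main(void)
{
    const char *alg = "rsa-sha2-512-cert-v01@openssh.com";
    printf("plain-only flags: 0x%02x\n", encode_alg_plain_only(KT_RSA_CERT, alg));
    printf("cert-aware flags: 0x%02x\n", encode_alg_cert_aware(KT_RSA_CERT, alg));
    return 0;
}
```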