https://bugzilla.mindrot.org/show_bug.cgi?id=3348
Bug ID: 3348
Summary: Not possible to disable rsa-sha2-512 in sshd
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: [email protected]
Reporter: [email protected]
We have an issue¹ with some old smart cards that don't like the large
signature generated by sha-512. We were hoping to get around this by
disabling rsa-sha2-512 and relying on rsa-sha2-256 instead.
Unfortunately that doesn't work and if you try you just get this in the
log:
> Sep 20 14:35:07 ubuntu2004 sshd[3475]: userauth_pubkey: key type ssh-rsa not
> in PubkeyAcceptedKeyTypes [preauth]
After some digging around we find this FIXME in kex_send_ext_info():
> /* XXX filter algs list by allowed pubkey/hostbased types */
So apparently this was not entirely unexpected. :)
See this is a gentle prod that this functionality would be nice to have
in a future update. :)
¹ https://www.cendio.com/bugzilla/show_bug.cgi?id=7599
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
