https://bugzilla.mindrot.org/show_bug.cgi?id=3351
--- Comment #7 from denisen...@gmail.com --- Adding my findings about difference between 7.4 and 8.8 On 7.4 when this condition is executed: if (ssh == NULL || ssh->kex->server_sig_algs == NULL || (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || (key->type == KEY_RSA_CERT && (ssh->compat & SSH_BUG_SIGTYPE))) { /* Filter base key signature alg against our configuration */ return match_list(sshkey_ssh_name(key), options.pubkey_accepted_algos, NULL); } the ssh->compat is equal 0x4000006, which is causing "ssh->compat & SSH_BUG_SIGTYPE" to be true, and therefore execution enters that if and then match_list returns false, causing rejection. On 8.8 the ssh->compat is equal 0x4000000, therefore if is bypassed. Then this section: oallowed = allowed = xstrdup(options.pubkey_accepted_algos); while ((cp = strsep(&allowed, ",")) != NULL) { if (sshkey_type_from_name(cp) != key->type) continue; tmp = match_list(sshkey_sigalg_by_name(cp), server_sig_algs, NULL); if (tmp != NULL) alg = xstrdup(cp); free(tmp); if (alg != NULL) break; } Which passes. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs