https://bugzilla.mindrot.org/show_bug.cgi?id=3583
Bug ID: 3583 Summary: server-sig-algs reports incorrect list of algorithms Product: Portable OpenSSH Version: 8.7p1 Hardware: Other OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-b...@mindrot.org Reporter: aiv...@gmail.com OpenSSH server (OpenSSH_8.7p1, OpenSSL 3.0.8 7 Feb 2023) in Amazon Linux (6.1.29-50.88.amzn2023.aarch64) reports more PK algorithms than are actually allowed. Modified server configuration (just one PK algorithm allowed): PubkeyAcceptedAlgorithms rsa-sha2-256 Obtaining debug info: ssh -vvv -i mykey.pem -o PubkeyAcceptedKeyTypes=rsa-sha2-512 ec2-user@<...IP...> Debug output: debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25...@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp...@openssh.com,webauthn-sk-ecdsa-sha2-nistp...@openssh.com> Additional notes: Note that Putty is unable to connect with the default connection options if server is configured like this, because it will always attempt to use rsa-sha2-512, I'm guessing due to it being sent in server-sig-algs list. -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs