https://bugzilla.mindrot.org/show_bug.cgi?id=3583

            Bug ID: 3583
           Summary: server-sig-algs reports incorrect list of algorithms
           Product: Portable OpenSSH
           Version: 8.7p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: sshd
          Assignee: unassigned-b...@mindrot.org
          Reporter: aiv...@gmail.com

OpenSSH server (OpenSSH_8.7p1, OpenSSL 3.0.8 7 Feb 2023) in Amazon
Linux (6.1.29-50.88.amzn2023.aarch64) reports more PK algorithms than
are actually allowed.

Modified server configuration (just one PK algorithm allowed):
PubkeyAcceptedAlgorithms rsa-sha2-256

Obtaining debug info:
ssh -vvv -i mykey.pem -o PubkeyAcceptedKeyTypes=rsa-sha2-512
ec2-user@<...IP...>

Debug output:
debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,sk-ssh-ed25...@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp...@openssh.com,webauthn-sk-ecdsa-sha2-nistp...@openssh.com>

Additional notes:
Note that PuTTY is unable to connect with the default connection
options if the server is configured like this, because it will always
attempt to use rsa-sha2-512, I'm guessing because it is sent in the
server-sig-algs list.
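To make the mismatch in the report concrete, here is an added Python example; it is not part of the bug report or of OpenSSH. It parses the server-sig-algs list from a `debug1: kex_input_ext_info:` line as printed by `ssh -vvv`, parses the `pubkeyacceptedalgorithms` line from `sshd -T`, lists everything the server advertises but will not accept, and then models the reporter's guess about client behaviour: a client holding an RSA key signs with the first advertised RSA signature algorithm it supports. The sample debug line is constructed and shortened relative to the one in the report, the `sshd -T` line is constructed from the report's configuration, and the client preference order is an assumption.

```python
import re
from typing import List, Optional

# Constructed sample debug line, modelled on the report's output but with a
# shortened algorithm list (example data, not the report's exact line).
EXT_INFO_LINE = ("debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,"
                 "rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256>")

# Constructed `sshd -T` line for the configuration in the report
# (PubkeyAcceptedAlgorithms rsa-sha2-256); sshd -T prints keywords in lowercase.
SSHD_T_LINE = "pubkeyacceptedalgorithms rsa-sha2-256"

# Ways an RSA user key can be signed, most preferred first. This ordering is an
# assumption for the model, not a statement about any particular client.
RSA_SIGNATURE_CANDIDATES = ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]


def parse_server_sig_algs(debug_line: str) -> List[str]:
    """Extract the comma-separated server-sig-algs list from an ssh -vvv line."""
    m = re.search(r"server-sig-algs=<([^>]*)>", debug_line)
    if not m:
        raise ValueError("no server-sig-algs extension in line")
    return [a for a in m.group(1).split(",") if a]


def parse_pubkey_accepted(sshd_t_line: str) -> List[str]:
    """Extract the configured list from the `sshd -T` pubkeyacceptedalgorithms line."""
    keyword, _, value = sshd_t_line.strip().partition(" ")
    if keyword.lower() != "pubkeyacceptedalgorithms":
        raise ValueError("not a pubkeyacceptedalgorithms line")
    return [a for a in value.split(",") if a]


def advertised_but_not_accepted(advertised: List[str], accepted: List[str]) -> List[str]:
    """Algorithms announced in EXT_INFO that the server will reject at auth time."""
    return [a for a in advertised if a not in accepted]


def pick_client_signature(key_type: str, advertised: List[str]) -> Optional[str]:
    """Model a client that trusts server-sig-algs: for an RSA key it uses the
    first candidate the server lists; other key types sign as themselves."""
    if key_type != "ssh-rsa":
        return key_type if key_type in advertised else None
    for cand in RSA_SIGNATURE_CANDIDATES:
        if cand in advertised:
            return cand
    return None


def check(ext_info_line: str, sshd_t_line: str, key_type: str = "ssh-rsa") -> dict:
    """Compare advertisement with configuration and predict the auth outcome."""
    advertised = parse_server_sig_algs(ext_info_line)
    accepted = parse_pubkey_accepted(sshd_t_line)
    chosen = pick_client_signature(key_type, advertised)
    return {
        "advertised": advertised,
        "accepted": accepted,
        "overadvertised": advertised_but_not_accepted(advertised, accepted),
        "client_choice": chosen,
        "auth_would_succeed": chosen is not None and chosen in accepted,
    }


if __name__ == "__main__":
    result = check(EXT_INFO_LINE, SSHD_T_LINE)
    print("advertised but not accepted:", ", ".join(result["overadvertised"]))
    print("client signs with:", result["client_choice"],
          "-> accepted" if result["auth_would_succeed"] else "-> rejected by server")
```

On a real host, paste the `kex_input_ext_info` line from `ssh -vvv` and the output of `sshd -T | grep -i pubkeyacceptedalgorithms` into `check()`. When the advertised list matches the configured one, the modelled client picks an algorithm the server accepts; with the over-advertised list from the report it picks rsa-sha2-512, which the configured server rejects.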
