https://bugzilla.mindrot.org/show_bug.cgi?id=2650
Bug ID: 2650
Summary: UpdateHostKeys ignores RSA keys if
HostKeyAlgorithms=rsa-sha2-256
Product: Portable OpenSSH
Version: 7.4p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: ssh
Assignee: [email protected]
Reporter: [email protected]
The UpdateHostKeys feature is designed to only add host key
fingerprints to known_hosts if the corresponding signature algorithm is
allowed by the HostKeyAlgorithms setting (see client_input_hostkeys()
in clientloop.c).
However, for RSA keys it only checks HostKeyAlgorithms for the presence
of ssh-rsa. If HostKeyAlgorithms includes rsa-sha2-{256,512}, but not
ssh-rsa, RSA keys are ignored even though they could be used for
authentication.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
