Hi all,
This only affect RSA certificates, not ECDSA or ED25519 certs
Even if your CA is an RSA key, you can sign ECDSA or ED25519 public keys so you
get ECDSA/ED25519 certificates which allow you to work around the issue without
changing anything server-side
(and without deploying a new CA)
Exemple of working cert (7.8 client, <7.8 server):
$ ssh-keygen -Lf ~/.ssh/id_ed25519-cert.pub
~/.ssh/id_ed25519-cert.pub:
Type: ssh-ed25519-cert-...@openssh.com user certificate
Public key: ED25519-CERT SHA256:<...>
Signing CA: RSA SHA256:<...>
Key ID: "..."
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1790963
Title:
Unable to connect with openssh 7.8 client and certificates
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1790963/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
