Bug 3348

Summary: Not possible to disable rsa-sha2-512 in sshd
Product: Portable OpenSSH Reporter: Pierre Ossman <ossman>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: NEW ---    
Severity: normal CC: djm
Priority: P5    
Version: -current   
Hardware: Other   
OS: Linux   

Description Pierre Ossman 2021-09-21 00:51:19 AEST 
We have an issue¹ with some old smart cards that don't like the large signature generated by sha-512. We were hoping to get around this by disabling rsa-sha2-512 and relying on rsa-sha2-256 instead. Unfortunately that doesn't work and if you try you just get this in the log:

> Sep 20 14:35:07 ubuntu2004 sshd[3475]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]

After some digging around we find this FIXME in kex_send_ext_info():

> 	/* XXX filter algs list by allowed pubkey/hostbased types */

So apparently this was not entirely unexpected. :)

See this is a gentle prod that this functionality would be nice to have in a future update. :)

¹ https://www.cendio.com/bugzilla/show_bug.cgi?id=7599
Comment 1 Damien Miller 2021-09-21 11:21:50 AEST 
It's tricky, because PubkeyAcceptedAlgorithms can be overridden by a sshd_config Match block that is evaluated during user authentication, i.e. well after key exchange completes.

Can you avoid this on the client side by setting PubkeyAcceptedAlgorithms there?
Comment 2 Pierre Ossman 2021-09-21 16:47:36 AEST 
Possibly. Hopefully we can get rid of the old cards and side step the whole thing. We're just exploring options, and a server side config would have been the most robust approach. :)