Bugzilla – Attachment 3527 Details for
Bug 3213
openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes
[patch] simplified patch
bz3213.diff (text/plain), 2.01 KB, created by Damien Miller on 2021-06-04 13:44:42 AEST
>diff --git a/compat.c b/compat.c >index 69befa96f..9553b86ec 100644 >--- a/compat.c >+++ b/compat.c >@@ -63,6 +63,8 @@ compat_banner(struct ssh *ssh, const char *version) > { "OpenSSH_6.5*," > "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD| > SSH_BUG_SIGTYPE}, >+ { "OpenSSH_7.4*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE| >+ SSH_BUG_SIGTYPE74}, > { "OpenSSH_7.0*," > "OpenSSH_7.1*," > "OpenSSH_7.2*," >diff --git a/compat.h b/compat.h >index c197fafc5..699ee3c6f 100644 >--- a/compat.h >+++ b/compat.h >@@ -29,7 +29,7 @@ > > #define SSH_BUG_UTF8TTYMODE 0x00000001 > #define SSH_BUG_SIGTYPE 0x00000002 >-/* #define unused 0x00000004 */ >+#define SSH_BUG_SIGTYPE74 0x00000004 > /* #define unused 0x00000008 */ > #define SSH_OLD_SESSIONID 0x00000010 > /* #define unused 0x00000020 */ >diff --git a/sshconnect2.c b/sshconnect2.c >index a53ab95db..0591bdbaa 100644 >--- a/sshconnect2.c >+++ b/sshconnect2.c >@@ -1175,6 +1175,7 @@ static char * > key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) > { > char *allowed, *oallowed, *cp, *tmp, *alg = NULL; >+ const char *server_sig_algs; > > /* > * The signature algorithm will only differ from the key algorithm >@@ -1189,6 +1190,14 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) > options.pubkey_accepted_algos, NULL); > } > >+ /* >+ * Workaround OpenSSH 7.4 bug: this version supports RSA/SHA-2 but >+ * fails to advertise it via SSH2_MSG_EXT_INFO. >+ */ >+ server_sig_algs = ssh->kex->server_sig_algs; >+ if (key->type == KEY_RSA && (ssh->compat & SSH_BUG_SIGTYPE74)) >+ server_sig_algs = "rsa-sha2-256,rsa-sha2-512"; >+ > /* > * For RSA keys/certs, since these might have a different sig type: > * find the first entry in PubkeyAcceptedAlgorithms of the right type 
>@@ -1200,7 +1209,7 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) > if (sshkey_type_from_name(cp) != key->type) > continue; > tmp = match_list(sshkey_sigalg_by_name(cp), >- ssh->kex->server_sig_algs, NULL); >+ server_sig_algs, NULL); > if (tmp != NULL) > alg = xstrdup(cp); > free(tmp);
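Review bot: In the compat.c hunk, the new "OpenSSH_7.4*" entry is inserted directly above the group that begins "OpenSSH_7.0*," and the visible context stops at "OpenSSH_7.2*,", so the hunk does not show whether that group also carries a 7.4 pattern. If it does, which flags a 7.4 server gets depends on which table entry is matched first; either drop the 7.4 pattern from the later group or add a comment on the new entry saying that it must stay ahead of it. A short comment on the entry naming the bug it covers would also help, since the only explanation is in sshconnect2.c.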
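Review bot: In the compat.h hunk, SSH_BUG_SIGTYPE74 takes over the previously unused 0x00000004 bit without a comment, and its name differs from SSH_BUG_SIGTYPE on the line above only by a version suffix. Add a one-line comment next to the define stating what the flag means (the server accepts RSA/SHA-2 signatures but does not advertise them via SSH2_MSG_EXT_INFO), so the two flags are not confused when the compat table is next edited.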
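Review bot: In the sshconnect2.c hunk at key_sig_algorithm() (@@ -1189), the workaround tests only key->type == KEY_RSA, while the comment immediately below it says the selection loop is "For RSA keys/certs". Either say in the workaround comment that RSA certificates are deliberately left on the server-advertised list, or extend the condition to cover them. Separately, when SSH_BUG_SIGTYPE74 is set the literal "rsa-sha2-256,rsa-sha2-512" replaces ssh->kex->server_sig_algs outright for RSA keys instead of being used only when the advertised list lacks those names; a sentence in the comment explaining why discarding the server's list is safe here would make the intent clear, and the literal would read better as a named constant.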
Flags: dtucker: ok+