| Summary: | keyscan does not list rsa keys if the ssh-rsa is not allowed on server | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Jakub Jelen <jjelen> | ||||
| Component: | ssh-keyscan | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED FIXED | ||||||
| Severity: | enhancement | CC: | djm | ||||
| Priority: | P5 | ||||||
| Version: | 8.0p1 | ||||||
| Hardware: | Other | ||||||
| OS: | Linux | ||||||
| Bug Depends on: | |||||||
| Bug Blocks: | 2988 | ||||||
| Attachments: |
|
||||||
Applied - thanks closing resolved bugs as of 8.6p1 release |
Created attachment 3294 [details] proposed patch the keyscan is forcing ssh-rsa signature algorithm when scanning for rsa keys and if ssh-rsa (SHA1 variant) is not allowed on server, no RSA keys is returned. The attached patch extends the signature algorithms to offer also the SHA2 variants (and certificate SHA2 variants) so the keyscan can work as expected.