| Summary: | Use SHA2 in ssh-keygen key verification | | |
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Dmitry Belyavskiy <dbelyavs> |
| Component: | ssh-keygen | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED FIXED | | |
| Severity: | enhancement | CC: | djm |
| Priority: | P5 | | |
| Version: | 8.7p1 | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| Bug Depends on: | | | |
| Bug Blocks: | 3533 | | |
| Attachments: | | | |

similar fix applied. Will be in OpenSSH 9.3, due soon

OpenSSH 9.3 has been released. Close resolved bugs

Created attachment 3681
Proposed fix

ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+). The proposed patch enforces using a sha2 algorithm for key verification.
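
A model of the failure described in this report, as an added example that is not OpenSSH code and not taken from the proposed patch: a sign-then-verify self-test reports a sound RSA key as unusable when it signs with `ssh-rsa` (SHA-1) under a policy that disables SHA-1, and passes with `rsa-sha2-256`. The toy key, the `allowed` policy set and all function names are assumptions made for the illustration.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes; for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# SSH signature algorithm -> (hash, DER DigestInfo prefix from RFC 8017 section 9.2).
ALGS = {
    "ssh-rsa": ("sha1", bytes.fromhex("3021300906052b0e03021a05000414")),
    "rsa-sha2-256": ("sha256", bytes.fromhex("3031300d060960864801650304020105000420")),
}


class HashDisabled(Exception):
    """Raised when the (hypothetical) policy set forbids the hash."""


def _encode(alg, data, allowed):
    """EMSA-PKCS1-v1_5 encoding of data, refused if the hash is not allowed."""
    hash_name, prefix = ALGS[alg]
    if hash_name not in allowed:
        raise HashDisabled(f"{hash_name} is disabled for signatures")
    t = prefix + hashlib.new(hash_name, data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign(alg, data, allowed):
    return pow(_encode(alg, data, allowed), D, N)


def verify(alg, data, sig, allowed):
    return pow(sig, E, N) == _encode(alg, data, allowed)


def key_is_usable(alg, allowed):
    """Sign-then-verify self-test; a disabled hash makes a sound key look unusable."""
    data = b"constructed test data"
    try:
        return verify(alg, data, sign(alg, data, allowed), allowed)
    except HashDisabled:
        return False


SHA1_DISABLED = {"sha256", "sha512"}  # stands in for a system policy without SHA-1
print(key_is_usable("ssh-rsa", SHA1_DISABLED))       # same key, SHA-1 signature
print(key_is_usable("rsa-sha2-256", SHA1_DISABLED))  # same key, SHA-2 signature
```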