Bug 1912 - 5.8 ssh-keysign lacks ECDSA support
Status: CLOSED INVALID
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Miscellaneous
Version: 5.8p2
Hardware: All All
Importance: P2 critical
Assignee: Assigned to nobody
Reported: 2011-06-08 18:50 AEST by Allen Parker
Modified: 2011-06-10 12:08 AEST
Description Allen Parker 2011-06-08 18:50:15 AEST
The patch located at http://hg.mindrot.org/openssh/rev/138961506b91?revcount=30 must be applied to the 5.8 branch in order to use ECDSA. Why this patch wasn't included in 5.8_p2 is a mystery as it's required to use ECDSA with host-based authentication. Please rectify this oversight as soon as possible.
Comment 1 Damien Miller 2011-06-09 19:06:04 AEST
The 5.8 branch is for security fixes only. This patch will be released as part of OpenSSH 5.9.
Comment 2 Allen Parker 2011-06-09 19:09:25 AEST
Why 5.8 was released without completely supporting ECDSA is beyond me. My inability to use host-based authentication with ECDSA is a security issue which should be rectified.
Comment 3 Damien Miller 2011-06-10 12:08:11 AEST
Despite what you might like to believe, lack of support for a brand new key type in a lesser-used authentication method is not a security bug.

Anyway, I don't know why you are fiddling with this bug as there are no more 5.8 releases planned. Your options are to apply the patch yourself or wait until 5.9.