Created attachment 3288 [details] use correct algorithm identification in ssh-agent If I read the certkeys specification [1] and the source code correctly, the ssh-agent does not generate correct signatures when the certificate is loaded in agent. The agent_decode_alg() function [2] looks only on the actual key type and for certificate key types, does not generate correct alg argument for the sshkey_sign() function (ending with raw ssh-rsa signature). This is not the same what happens in sshconnect2.c in key_sig_algorithm() [3], where also the certificate types are taken into the account and the alg argument to sshkey_sign() is properly formatted. I do not have separate reproducer inside of OpenSSH since I was using OpenSSH agent, libssh client and openSSH server, which failed to verify these signatures (when the base rsa-ssh algorithms were disabled). The attached patch resolved the issue for me in the above setup. I am not sure whether there is some more elegant way how to achieve the same. [1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys#L41 [2] https://github.com/openssh/openssh-portable/blob/master/ssh-agent.c#L265 [3] https://github.com/openssh/openssh-portable/blob/master/sshconnect2.c#L1102
Looks correct (sigh); I'll get it committed
Committed in 2317ce4b0ed7d and will be available in OpenSSH 8.1. I'll also cherry-pick this to the V_8_0 stable branch.
closing resolved bugs as of 8.6p1 release