Bug 3029 - keyscan does not list rsa keys if the ssh-rsa is not allowed on server
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-keyscan
Version: 8.0p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
Blocks: V_8_1
Reported: 2019-07-02 20:47 AEST by Jakub Jelen
Modified: 2021-04-23 14:57 AEST

Attachments
proposed patch (799 bytes, patch)
2019-07-02 20:47 AEST, Jakub Jelen

Description Jakub Jelen 2019-07-02 20:47:26 AEST
Created attachment 3294
proposed patch

The keyscan is forcing the ssh-rsa signature algorithm when scanning for RSA keys, and if ssh-rsa (SHA1 variant) is not allowed on the server, no RSA keys are returned.

The attached patch extends the signature algorithms to also offer the SHA2 variants (and certificate SHA2 variants) so that keyscan can work as expected.
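
An added illustration (not part of the original report, and not OpenSSH code): the host key algorithm selection the description refers to, reduced to the RFC 4253 rule that the first name on the client's list that the server also lists is chosen. The function names, the constructed server list and the ordering of the extended offer are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Offer before the fix, as the report describes: SHA-1 signature name only. */
static const char *OFFER_BEFORE = "ssh-rsa";
/* Offer with SHA-2 names (RFC 8332) added; the ordering is an assumption. */
static const char *OFFER_AFTER = "rsa-sha2-512,rsa-sha2-256,ssh-rsa";
/* Constructed server list: RSA host key present, ssh-rsa (SHA-1) disabled. */
static const char *SERVER_NO_SHA1 = "rsa-sha2-512,rsa-sha2-256,ssh-ed25519";

/* Return 1 if name[0..n) is an exact element of the comma-separated list. */
static int in_list(const char *list, const char *name, size_t n)
{
    while (*list) {
        size_t len = strcspn(list, ",");
        if (len == n && memcmp(list, name, n) == 0)
            return 1;
        list += len + (list[len] == ',');   /* skip element and separator */
    }
    return 0;
}

/* Simplified RFC 4253 section 7.1 choice (ignores key-exchange constraints):
 * copy the first client name the server also lists to out; 1 = match. */
static int negotiate_hostkey(const char *client, const char *server,
                             char *out, size_t outlen)
{
    while (*client) {
        size_t len = strcspn(client, ",");
        if (len > 0 && len < outlen && in_list(server, client, len)) {
            memcpy(out, client, len);
            out[len] = '\0';
            return 1;
        }
        client += len + (client[len] == ',');
    }
    if (outlen) out[0] = '\0';
    return 0;
}

int main(void)
{
    char alg[64];
    int ok = negotiate_hostkey(OFFER_BEFORE, SERVER_NO_SHA1, alg, sizeof alg);
    printf("ssh-rsa only: %s\n", ok ? alg : "no match, RSA key not listed");
    ok = negotiate_hostkey(OFFER_AFTER, SERVER_NO_SHA1, alg, sizeof alg);
    printf("with SHA-2:   %s\n", ok ? alg : "no match");
    return 0;
}
```

The RSA public key is the same in both cases; only the signature algorithm name differs, which is why a scan offering just `ssh-rsa` makes a hardened server look as if it had no RSA host key.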
Comment 1 Damien Miller 2019-07-12 14:09:02 AEST
Applied - thanks
Comment 2 Damien Miller 2021-04-23 14:57:02 AEST
closing resolved bugs as of 8.6p1 release