We have an issue¹ with some old smart cards that don't like the large signature generated by sha-512. We were hoping to get around this by disabling rsa-sha2-512 and relying on rsa-sha2-256 instead. Unfortunately that doesn't work, and if you try you just get this in the log:

> Sep 20 14:35:07 ubuntu2004 sshd[3475]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]

After some digging around we find this FIXME in kex_send_ext_info():

> /* XXX filter algs list by allowed pubkey/hostbased types */

So apparently this was not entirely unexpected. :) See this as a gentle prod that this functionality would be nice to have in a future update. :)

¹ https://www.cendio.com/bugzilla/show_bug.cgi?id=7599

It's tricky, because PubkeyAcceptedAlgorithms can be overridden by an sshd_config Match block that is evaluated during user authentication, i.e. well after key exchange completes. Can you avoid this on the client side by setting PubkeyAcceptedAlgorithms there?

Possibly. Hopefully we can get rid of the old cards and sidestep the whole thing. We're just exploring options, and a server side config would have been the most robust approach. :)