Bug 3532 - ssh -Q CASignatureAlgorithms not working
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: -current
Hardware: amd64 Linux
Importance: P5 normal
Assignee: Assigned to nobody
Blocks: V_9_3
Reported: 2023-02-04 05:11 AEDT by xspielinbox+mindrot
Modified: 2023-03-17 13:38 AEDT
Description xspielinbox+mindrot 2023-02-04 05:11:05 AEDT
The ssh man page (ssh(1)) states for the "-Q query_option" option that "Alternatively, any keyword from ssh_config(5) or sshd_config(5) that takes an algorithm list may be used as an alias for the corresponding query_option."

However, even though CASignatureAlgorithms is listed as taking an algorithm list in ssh_config(5) and sshd_config(5), it does not work with 'ssh -Q'. This makes it extremely difficult to figure out what arguments are accepted for a given version of OpenSSH for this configuration option.

Looking at https://github.com/openssh/openssh-portable/blob/master/ssh.c#L777 and the following lines, it seems like a case for CASignatureAlgorithms is missing.
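
A check built on the `-Q` keyword aliases discussed in this report, as an added example that is not part of the original report or of OpenSSH: it validates a comma-separated algorithm list against what `ssh -Q <keyword>` prints, and returns a distinct status when the build rejects the keyword, as described above for CASignatureAlgorithms. `SSH_BIN` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not OpenSSH code. SSH_BIN is an assumption of this example so
# that a different ssh binary can be queried.
SSH_BIN="${SSH_BIN:-ssh}"

# query_algs KEYWORD: print the names the build reports, one per line.
# The keyword is treated as unsupported (status 2) when the command fails or
# prints nothing, which is the situation this report describes.
query_algs() {
    out=$("$SSH_BIN" -Q "$1" 2>/dev/null) || return 2
    [ -n "$out" ] || return 2
    printf '%s\n' "$out"
}

# check_alg_list KEYWORD LIST: print every name in the comma-separated LIST
# that the build does not report for KEYWORD.
# Status: 0 all names known, 1 some unknown, 2 keyword cannot be queried.
check_alg_list() {
    keyword=$1
    supported=$(query_algs "$keyword") || return 2
    list=${2#[+^-]}              # drop a leading +, - or ^ list modifier
    status=0
    old_ifs=$IFS; IFS=,
    set -f                       # no filename globbing while splitting
    for alg in $list; do
        case $alg in
            '')     continue ;;  # empty field, e.g. from "a,,b"
            *[*?]*) continue ;;  # wildcard patterns are not checked here
        esac
        if ! printf '%s\n' "$supported" | grep -Fqx -- "$alg"; then
            printf '%s\n' "$alg"
            status=1
        fi
    done
    set +f; IFS=$old_ifs
    return $status
}
```

Status 2 from `check_alg_list CASignatureAlgorithms "<list>"` means the installed ssh cannot answer the query at all, which is different from the list containing an unknown name.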
Comment 1 Damien Miller 2023-02-10 15:40:48 AEDT
This has been fixed and will be in the OpenSSH 9.3 release.
Comment 2 xspielinbox+mindrot 2023-02-11 01:04:16 AEDT
Thank you.

Just a question on the implementation: What are the cert algorithms for as a CASignatureAlgorithms? They aren't enabled by default, and as intermediate certificates aren't supported, I don't understand how this would work.
Comment 3 Damien Miller 2023-03-17 13:38:51 AEDT
OpenSSH 9.3 has been released. Close resolved bugs