Bug 3546 - Use SHA2 in ssh-keygen key verification
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-keygen
Version: 8.7p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
Blocks: V_9_3
Reported: 2023-03-04 04:52 AEDT by Dmitry Belyavskiy
Modified: 2023-03-17 13:43 AEDT

Attachments
Proposed fix (1.19 KB, patch)
2023-03-04 04:52 AEDT, Dmitry Belyavskiy

Description Dmitry Belyavskiy 2023-03-04 04:52:27 AEDT
Created attachment 3681
Proposed fix

ssh-keygen uses the SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+).

The proposed patch enforces using a sha2 algorithm for key verification.
Comment 1 Damien Miller 2023-03-08 11:07:33 AEDT
Similar fix applied. Will be in OpenSSH 9.3, due soon.
Comment 2 Damien Miller 2023-03-17 13:43:01 AEDT
OpenSSH 9.3 has been released. Close resolved bugs.