IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Algorithms: who's at fault here?
I recently tried to ssh to a recently-installed Linux machine at work.
Algorithm negotiation failed. On turning on verbosity, this turned out
to be because, to edit the log down to relevant lines:
remote banner string: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
...
ssh: my algorithms:
...
hk: ssh-rsa ssh-dss
...
ssh: peer's algorithms (%=unrecognized, *=disabled):
...
hk: %rsa-sha2-512 %rsa-sha2-256 %ecdsa-sha2-nistp256 %ssh-ed25519
Looking at 4253, the only algorithm for this list I see as REQUIRED is
ssh-dss (though ssh-rsa is RECOMMENDED). I've gone through the updates
I can find to 4253 (6668, 8268, 8308, 8332, 8709, 8758, 9142) and I
don't find anything removing ssh-dss from REQUIRED status.
Am I missing something? It sure looks to me like either OpenSSH or
Ubuntu (whichever one decided to do this) gratuitously breaking interop
by desupporting a REQUIRED algorithm.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Home |
Main Index |
Thread Index |
Old Index