IETF-SSH archive


Algorithms: who's at fault here?



I recently tried to ssh to a recently-installed Linux machine at work.
Algorithm negotiation failed.  On turning on verbosity, this turned out
to be because, to edit the log down to relevant lines:

remote banner string: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
...
ssh: my algorithms:
...
	hk: ssh-rsa ssh-dss
...
ssh: peer's algorithms (%=unrecognized, *=disabled):
...
	hk: %rsa-sha2-512 %rsa-sha2-256 %ecdsa-sha2-nistp256 %ssh-ed25519

Looking at 4253, the only algorithm for this list I see as REQUIRED is
ssh-dss (though ssh-rsa is RECOMMENDED).  I've gone through the updates
I can find to 4253 (6668, 8268, 8308, 8332, 8709, 8758, 9142) and I
don't find anything removing ssh-dss from REQUIRED status.

Am I missing something?  It sure looks to me like either OpenSSH or
Ubuntu (whichever one decided to do this) gratuitously breaking interop
by desupporting a REQUIRED algorithm.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
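
An added illustration, not part of the original message: a sketch of the RFC 4251 name-list encoding and the "first name on the client's list that the server also lists" selection rule, run over the two hk lists from the log above. It leaves out the key-exchange-dependent conditions RFC 4253 attaches to host key selection, and the function names are hypothetical.

```python
import struct

def encode_name_list(names):
    """RFC 4251 section 5 name-list: uint32 length, then comma-separated US-ASCII names."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def decode_name_list(buf, offset=0):
    """Return (names, next_offset); reject truncated or malformed lists."""
    if len(buf) - offset < 4:
        raise ValueError("truncated name-list length")
    (length,) = struct.unpack_from(">I", buf, offset)
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("name-list length exceeds buffer")
    if length == 0:
        return [], end
    # Non-ASCII bytes raise UnicodeDecodeError, a ValueError subclass.
    names = buf[start:end].decode("ascii").split(",")
    if any(n == "" for n in names):
        raise ValueError("empty name in name-list")
    return names, end

def negotiate(client_names, server_names):
    """First name on the client's list that the server also lists, else None.

    Assumption: the extra kex-dependent checks on host key algorithms are omitted.
    """
    server_set = set(server_names)
    for name in client_names:
        if name in server_set:
            return name
    return None

# Host key lists copied from the log in the message above.
CLIENT_HK = ["ssh-rsa", "ssh-dss"]
SERVER_HK = ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"]

def demo():
    """Round-trip both lists through the wire encoding, then negotiate."""
    client, _ = decode_name_list(encode_name_list(CLIENT_HK))
    server, _ = decode_name_list(encode_name_list(SERVER_HK))
    return negotiate(client, server)

if __name__ == "__main__":
    chosen = demo()
    print("host key algorithm:", chosen or "none in common, negotiation fails")
```

The comparison is on exact algorithm names, so the two lists in the log have no match.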


