mirror of
https://github.com/libssh2/libssh2.git
synced 2025-07-29 13:01:14 +03:00
3a6ab70dcf
Replicating OpenSSH's behavior to handle RSA certificate authentication
differently based on the remote server version.
1. For OpenSSH versions >= 7.8, ascertain server's support for RSA Cert
types by checking if the certificate's signature type is present in
the `server-sig-algs`.
2. For OpenSSH versions < 7.8, Set the "SSH_BUG_SIGTYPE" flag when the
RSA key in question is a certificate to ignore `server-sig-algs` and
only offer ssh-rsa signature algorithm for RSA certs.
This arises from the fact that OpenSSH versions up to 7.7 accept
RSA-SHA2 keys but not RSA-SHA2 certificate types. Although OpenSSH <=7.7
includes RSA-SHA2 keys in the `server-sig-algs`, versions <=7.7 do not
actually support RSA certs. Therefore, server sending RSA-SHA2 keys in
`server-sig-algs` should not be interpreted as indicating support for
RSA-SHA2 certs. So, `server-sig-algs` are ignored when the RSA key in
question is a cert, and the remote server version is 7.7 or below.
Relevant sections of the OpenSSH source code:
<https://github.com/openssh/openssh-portable/blob/V_8_9_P1/sshconnect2.c#L1191-L1197>
<https://github.com/openssh/openssh-portable/blob/master/compat.c#L43>
Assisted-by: Will Cosgrove
Reviewed-by: Viktor Szakats
2 lines
2.1 KiB
Plaintext
2 lines
2.1 KiB
Plaintext
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgMM4Hjk6jALP2CQJ7CfJ/JYH8fIxjGMp8VZ7o3FpcF5sAAAADAQABAAACAQCp0vxjWDhHiT2u0j7Eor+iLjqfGvx0tGNu//VKW/sLKPnRiR+Ate4adBPSDxrQ6tEkrwQEn48FnUknoXMDum87XRK5hu4b7ukizI9PXHk/dh4J70WAVVB3sTukSKy7/V06EdwDsMtG02l20aVdBcDeGVkMWT4OX/aKhKoxljm4OUsx6/JMVHScQA7BPdVuC+RnN64RQMKLAHPNzIpwR6wdO+lRTZajz9nekcldm+YF7bac7aNUYwEilMriFYgLvvr7QV5W2diZDVRzk2G+6avCYfCCo49P24NJv86ab+S1GsvQkFsTfaTWLKxpAc5A6juRTtvLTBy7ko/XrtRWzJJnhcpSMiYSmyYMqHr6oDR4bnHs2r8nwoUUDfdz9hgnjR2clBkkDjju8MVkcWlD4atZCq2EdHCMPbHsoaRkVrJ4vwYOjuUtzwGxwLzWliBWZTAS4DI1moJX+pCmDshxnIih1TZl+wcUPJgLHIog7cqb7g3GG3AXCrb0eltAI5D7hubuRY6DinUD1moAyjP35QjKwVVPlK0IbF75fCNfIwbTorYZuKh4Fd0bW8DY2/Ev1oH48n1fJvYzI6cywTWl96bzQRYR3kAu1wwYyi2DpyW8qTcPTcfNlw7dRSwIgGSbzOg9XYjCnosN6asmyl9JMVXbC07+PkWtl51kRFDcdRY46wAAAAAAAAAAAAAAAQAAAAhpZGVudGl0eQAAAAsAAAAHbGlic3NoMgAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAxIgbEZbIoQoNJyRjalEYbMwmcNRcGZg6ZA+uC+hxX9lPxhVxYAwbWCWfM3YLmvkQPRf0DYateDlHpiV9/R4IAKMfwHMINbyj5ulj2AG9wzMs10+MLN9kmxXeZXf7EK6iVHjMWhS7tX9NnmNFLbUHuPpzI6DODHvfEIaO084KQyIJ/Z5bONko7eijPZrqkwSFb+FEsIvSLBZ/ueHtAhI34IhclPP/Gx+r6da7TDwOpuL7oncrdqT+zxxZ1J4pEBrGhuJXTvw/xtBRbTKj13gtcEFyOUR50Z7PU4iOhKd694euGSOYgWGXhtehZPp7hr7afli1hOZtNb3xB3OaPqdPY/jYtZkOaZlKtwDjPzGTIfngpE7LZwsp4P2xxGUyCkItZ57uveDHKvFtb9+MIDMgTd27xOuTYYyHS7m5x7w4M1Z9du8IzxHXlQ/UobQAsTUuGusSQloOpZR1cs3s6p4+vLpl63tNjLFy2xYpFf3xL1Dl1Kf6w3qPiyYs5NmxwJcpAAABlAAAAAxyc2Etc2hhMi01MTIAAAGAE60un7XTYj3nTkaDgXRIcgxP0tAeupJ4KFtuLKzpvZwNsgSny8sn6QGanuj2EP6EQFQP2hdfeIYki90gFM4G8TmSv2nyGaPJL70UmRDIAM74V4KfW0eFNve2DWImf321nderiuNbrt0fcNueT9Yc3bdrzimw8sjUWl4loiMZNS0SLpM9S7ARmaWxwWw6i4smEv5buEtQDhu2Um1HCLx9DIbUdypSELuv8tiB3zcc1L7VjoL3BDdwmnG0JOJWFD8wuUt6NotnnQhAuBbopi3I0735HXAqBD2v6kbCXOvWxr1uNbiEf/JAvOi/3GNVVZzNyDCOKHRgl8OgaDfpRQgChtyRN2LxDlnFrBVQiNFQiBr67fitZinU+A9hLra5FWXGRs5oTWq3K6kyfgLd4SHRcPeCz+R1rPKMpPi/ObEYKGLOp9EUNOL+zI2iv0FYSgJSRmaBw+md6SBuoHhEdCUFW8GvG4qufzApAl1MmznY4A0pVxIPZTBd0qSTeeE4ZkSZ key_rsa_sha2_256_signed
|