libssh2 with rsa-sha2-256, rsa-sha2-512
João M. S. Silva
joao.m.santos.silva at gmail.com
Tue May 16 12:52:14 CEST 2023
Hello Patrick, thanks.
For a curl question, you better use the
> https://lists.haxx.se/listinfo/curl-library mailing list.
>
> Yes, I'm also writing to curl's mailing list.
> In libssh2 (and ssh in general) rsa-sha2-256 and rsa-sha2-512 reuse the
> normal ssh-rsa keys: only the signature algorithm and hash size change
> and do not require a key change. See
> https://www.rfc-editor.org/rfc/rfc8332#section-3 and
> https://ikarus.sg/rsa-is-not-dead/
OK, I see.
libssh2 supports rsa-sha2-256 and rsa-sha2-512 if the compiled-in tls
> backend implements them (currently all but libgcrypt). Their use is
> decided at run-time after negociation with the server (that should also
> support them of course !) See
> https://www.rfc-editor.org/rfc/rfc8332#section-3.3
I'm using openssl, which is also the default. So it should work.
Is it possible that server-sig-algs is somehow not supported by the server
(sshd)?
Why did curl/libssh2 offer:
Unable to negotiate with 127.0.0.1 port 43382: no matching host key type
found. Their offer: ssh-rsa [preauth]
it makes sense that server-sig-algs was not supported by the server and
libssh2 dropped down to ssh-rsa to avoid the penalization.
This hypothesis makes sense, but how do I enable server-sig-algs extension
in sshd?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.haxx.se/pipermail/libssh2-devel/attachments/20230516/938178b1/attachment.htm>
More information about the libssh2-devel
mailing list