libssh2 with rsa-sha2-256, rsa-sha2-512
Michael König
plasm at plasm.de
Tue May 16 14:45:24 CEST 2023
Hi everyone!
> On 5/15/23 11:12, Jo?o M. S. Silva via libssh2-devel wrote:
> >
> > Hi.
> >
> > Is my assumption correct that curl does not support rsa-sha2-256 and
> > rsa-sha2-512, because even if that?s set, libssh2 will ignore those
> > two and use ssh-rsa?
> >
> Hi Jo?o,
>
> For a curl question, you better use the
> https://lists.haxx.se/listinfo/curl-library mailing list.
>
> In libssh2 (and ssh in general) rsa-sha2-256 and rsa-sha2-512 reuse the
> normal ssh-rsa keys: only the signature algorithm and hash size change
> and do not require a key change. See
> https://www.rfc-editor.org/rfc/rfc8332#section-3 and
> https://ikarus.sg/rsa-is-not-dead/
>
> libssh2 supports rsa-sha2-256 and rsa-sha2-512 if the compiled-in tls
> backend implements them (currently all but libgcrypt). Their use is
> decided at run-time after negociation with the server (that should also
> support them of course !) See
> https://www.rfc-editor.org/rfc/rfc8332#section-3.3
>
The version in the repository does, but the last public release of libssh2 does not.
I myself already built a sortof development version of libssh2 for my work environment. Without that libssh2 can no longer open RSA key based connections to recent OpenSSH server installations, because of the lack of rsa-sha2 based signature algorithms.
Also, beyond OpenSSH installations, general security hardening efforts of our customers in the wild flag the rsa-sha1 signatures as woefully insecure on a regular basis.
The rsa-sha2 signatures have been in the repository since january 2022. They just need a release to be accessible to the broader public.
Sincerely,
Michael
More information about the libssh2-devel
mailing list