Re: Fix for ecdsa agent pub key auth
- Subject: Re: Fix for ecdsa agent pub key auth
- From: Jakub Jelen <jjelen@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 03 Apr 2019 10:59:04 +0200
- To: libssh@xxxxxxxxxx

On Wed, 2019-04-03 at 11:01 +0300, Yury Korolev wrote:
> Hi,
>
> I was trying to use an ecdsa key with agent auth and get an error:
>
> ssh_packet_socket_callback: packet: read type 60 [len=140,padding=7,comp=132,payload=132]
> ssh_packet_process: Dispatching handler for packet type 60
> ssh_userauth_agent: Public key of id_ecdsa accepted by server
> ssh_key_algorithm_allowed: Checking ssh-ecdsa with list <ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss>
> ssh_userauth_agent_publickey: The key algorithm 'ssh-ecdsa' is not allowed to be used by PUBLICKEY_ACCEPTED_TYPES configuration option
> ssh_userauth_agent: Server accepted public key but refused the signature
>
> I think this commit misses the agent pubkey auth part:
> https://gitlab.com/yurykorolev/libssh-mirror/commit/e5170107c9e38f49adb7865a019e6931ad9803d2
>
> Patch is attached.

Hello.

Thank you for the patch. You are right, the agent authentication was for some reason omitted from that patch. We should also take this opportunity to extend the testsuite with this use case (probably only RSA is tested with agent?). Could you try to update the testsuite with this failing use case?

In the meantime, there is already a patch solving this issue proposed in the upstream PR 7:

https://gitlab.com/libssh/libssh-mirror/merge_requests/7/diffs#c52234782f1f4d13916324a8b884434782826ee5

Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.

Fix for ecdsa agent pub key auth | Yury Korolev <yurykorolev@xxxxxx> |