Timeline for How to check if your ssh keys are in the ssh-rsa2 format?
Current License: CC BY-SA 4.0
14 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 14, 2023 at 12:42 | comment | added | balu | @user1686 Thanks, that's what I thought after some more testing, as well. I ended up posting about my issue here: superuser.com/questions/1778874/… | |
| Apr 14, 2023 at 3:59 | comment | added | grawity_u1686 |
@balu: With -Q you're only querying your own ssh client's capabilities, not the server's. What software is the server running? It could be that the server has been configured to not support RSA keys at all (all of the supported EC key types already use at least SHA2 so the special extension is not necessary).
|
|
| Apr 13, 2023 at 23:19 | comment | added | balu |
Great post, thank you! Question: How can I determine my server's supported algorithms if it does not respond with kex_input_ext_info: server-sig-algs=…? I am certain that my server no longer supports ssh-rsa because I can no longer authenticate with my RSA key (no mutual signature algorithm). However, querying e.g. ssh -Q sig <server> or ssh -Q PubKeyAcceptedAlgorithms <server> confusingly still lists ssh-rsa…
|
|
| Aug 30, 2021 at 12:10 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
rewrap to fit
|
| Jun 1, 2020 at 20:16 | comment | added | dave_thompson_085 | The change to SHA256-base64 (instead of md5-hex) fingerprint by default was 6.8 in 2015, but you can override and do old-style fingerprints, see superuser.com/questions/929566/… (Aside from that wish I could +2) | |
| Jun 1, 2020 at 11:43 | comment | added | grawity_u1686 | Since then, GNOME Keyring has switched to using OpenSSH's ssh-agent instead of implementing an internal agent. The most common example is that originally ECDSA signatures had to include some amount of random & unique data (a 'nonce'), and if it was accidentally not unique, it could result in leaking the entire private key. (Apparently it's how they jailbroke PlayStation 3.) There is a recent spec describing a way to use ECDSA with deterministic nonces to avoid this problem, but I'm not sure how widely it is adopted. | |
| Jun 1, 2020 at 9:43 | comment | added | strudelj nudelj | Very informative post! Thank you. What kind of mistakes are common with ECDSA? I did once use a key with ed25519 algorithm and gnome-keyring did not like that (in some old version of ubuntu). | |
| Jun 1, 2020 at 9:19 | vote | accept | strudelj nudelj | ||
| Jun 1, 2020 at 9:02 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
added 2 characters in body
|
| Jun 1, 2020 at 8:57 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
added 369 characters in body
|
| Jun 1, 2020 at 8:50 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
added 369 characters in body
|
| Jun 1, 2020 at 8:37 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
added 369 characters in body
|
| Jun 1, 2020 at 8:30 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
added 400 characters in body
|
| Jun 1, 2020 at 8:25 | history | answered | grawity_u1686 | CC BY-SA 4.0 |