x/crypto/ssh: no common algorithm for host key, server offered: [x509v3-sign-rsa x509v3-ssh-rsa] #24266

Closed
lpzgithub opened this issue Mar 6, 2018 · 6 comments
Labels
FrozenDueToAge WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.

lpzgithub commented Mar 6, 2018

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go version go1.9.3 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"

What did you do?

SSH handshake fails:
ssh: handshake failed: ssh: no common algorithm for host key; client offered: [ssh-rsa-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com ssh-ed25519-cert-v01@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa ssh-dss ssh-ed25519], server offered: [x509v3-sign-rsa x509v3-ssh-rsa]

[x509v3-sign-rsa x509v3-ssh-rsa] are not supported as host-key algorithms

// supportedHostKeyAlgos specifies the supported host-key algorithms (i.e. methods
// of authenticating servers) in preference order.
var supportedHostKeyAlgos = []string{
	CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01,
	CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01,

	KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521,
	KeyAlgoRSA, KeyAlgoDSA,

	KeyAlgoED25519,
}

I expect supportedHostKeyAlgos to support the x509v3-ssh-rsa host-key algorithm.
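
Added example (not part of the original issue, and not code from x/crypto/ssh): a standard-library-only diagnostic that parses a handshake error of the shape quoted above and re-runs the basic RFC 4253 section 7.1 selection rule on the two lists, showing why nothing is chosen. The names `ParseOffer`, `Negotiate` and `sampleErr` are hypothetical, the sample string is constructed from the issue's error with the client list shortened, and the RFC's extra key-exchange compatibility condition is ignored.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: the handshake error from this issue, client list shortened.
const sampleErr = "ssh: handshake failed: ssh: no common algorithm for host key; " +
	"client offered: [ssh-rsa-cert-v01@openssh.com ecdsa-sha2-nistp256 ssh-rsa ssh-ed25519], " +
	"server offered: [x509v3-sign-rsa x509v3-ssh-rsa]"

var offerRE = regexp.MustCompile(
	`no common algorithm for (.+?); client offered: \[([^\]]*)\], server offered: \[([^\]]*)\]`)

// Offer holds the category and the two name-lists recovered from the error text.
type Offer struct {
	What           string
	Client, Server []string
}

// ParseOffer extracts the negotiated category and both algorithm lists.
func ParseOffer(msg string) (Offer, bool) {
	m := offerRE.FindStringSubmatch(msg)
	if m == nil {
		return Offer{}, false
	}
	return Offer{What: m[1], Client: strings.Fields(m[2]), Server: strings.Fields(m[3])}, true
}

// Negotiate applies the basic RFC 4253 section 7.1 rule: the first name on
// the client's list that also appears on the server's list is chosen.
func Negotiate(client, server []string) (string, bool) {
	onServer := make(map[string]bool, len(server))
	for _, s := range server {
		onServer[s] = true
	}
	for _, c := range client {
		if onServer[c] {
			return c, true
		}
	}
	return "", false
}

func main() {
	o, _ := ParseOffer(sampleErr)
	algo, ok := Negotiate(o.Client, o.Server)
	fmt.Printf("%s: chosen=%q ok=%v server offered=%v\n", o.What, algo, ok, o.Server)
}
```

Because the client's order decides the outcome, a server list of `[ssh-ed25519 ssh-rsa]` would yield `ssh-rsa` for this client, while the x509v3-only list from the issue yields no match at all.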

@bradfitz bradfitz changed the title crypto/ssh: no common algorithm for host key, server offered: [x509v3-sign-rsa x509v3-ssh-rsa] x/crypto/ssh: no common algorithm for host key, server offered: [x509v3-sign-rsa x509v3-ssh-rsa] Mar 7, 2018
@gopherbot gopherbot added this to the Unreleased milestone Mar 7, 2018
Contributor

bradfitz commented Mar 7, 2018

/cc @hanwen

Contributor

hanwen commented Mar 7, 2018

Member

andybons commented Mar 7, 2018

@hanwen I’m not sure what your comment means. Do you plan to support x509v3-ssh-rsa? If so then please add the NeedsFix label.

@andybons andybons added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Mar 7, 2018
Contributor

hanwen commented Mar 7, 2018

Sorry, I was in a hurry.

The comment is a link to the RFC. I don't know anything about X509; maybe @agl has input on whether this is a worthwhile thing to support?

Contributor

agl commented Mar 7, 2018

The draft expired 11 years ago. I don't think there's enough supporting evidence here to warrant implementation.

Member

andybons commented Mar 7, 2018

OK. Closing then.

@andybons andybons closed this as completed Mar 7, 2018
@golang golang locked and limited conversation to collaborators Mar 7, 2019