You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The code in crypto/ssh/keys.go still uses insecure SHA1 signatures for RSA keys by default (unless the SignWithAlgorithm is called, but many codepaths such as SignCert will eventually call Sign which passes "" to SignWithAlgorithm. OpenSSH is going to disable this signature scheme by default in the next release as noted here.
Since OpenSSH 8.2ssh-rsa signatures have been disabled for certificate signatures and ssh-keygen has used rsa-sha2-512 as the default for signing certificates.
I could submit a PR changing the signature function for RSA keys to be crypto.SHA512.
I also think that it's probably worth updating the verification to disallow use of SHA1 verification by default.
The text was updated successfully, but these errors were encountered:
The code in crypto/ssh/keys.go still uses insecure SHA1 signatures for RSA keys by default (unless the
SignWithAlgorithm
is called, but many codepaths such asSignCert
will eventually callSign
which passes""
toSignWithAlgorithm
. OpenSSH is going to disable this signature scheme by default in the next release as noted here.Since OpenSSH 8.2
ssh-rsa
signatures have been disabled for certificate signatures andssh-keygen
has usedrsa-sha2-512
as the default for signing certificates.I could submit a PR changing the signature function for RSA keys to be crypto.SHA512.
I also think that it's probably worth updating the verification to disallow use of SHA1 verification by default.
The text was updated successfully, but these errors were encountered: