New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Regression in 2.9.x - authentication with signed ssh key fails #1963
Comments
Have a similar issue with 2.9, with a ssh-rsa key and a legacy SSH Server, that does not send a list of supported algorithms:
|
I configured OpenSSH 8.4p1 with CA public keys and tested with paramiko 2.8.x and 2.9.x. Authentication with paramiko 2.8.x succeeded, however with 2.9.x failed, even if ssh serer isn't legacy. OpenSSH auth.log
|
Root cause is that public key algorithm name while sending userauth request with signed RSA key should be Tried to fix it: jun66j5/paramiko@3784df1ee. |
This was already disccused on #1961 |
This issue occurs on OpenSSH 8.4p1 (not legacy) too. It is not caused by deprecated ssh-rsa algorithm. |
I have the same issue and can confirm that the proposed fix #1963 (comment) would solve it. With this fix, I could establish an SSH connection.
Just specifying disabled_algorithms as proposed in #1963 (comment) did not fix the issue.
|
I'm using signed ssh keys to authenticate to a host. This has worked flawlessly up until Paramiko 2.8.1, but with 2.9.0 and 2.9.1 it fails.
Example program:
robot-test-cert.pub
is signed via ssh-keygen, and has the following metadata:Running this program with paramiko 2.8.1 gives the following output:
However, with paramiko 2.9.1 I instead get the following:
The text was updated successfully, but these errors were encountered: