This extension is sent by the server and contains a list of public
key algorithms that the server is able to process as part of a
"publickey" authentication request.
The current list is shared between server host key algorithms and userauth pubkey algorithms.
You might want to have an SSH server that, for example, only supports ssh-ed25519 and ecdsa-sha2-nistp256 as host keys... but users should still be allowed to authenticate with an ecdsa-sha2-nistp521 or ssh-rsa key.
One option to fix this is to have a separate list of algorithms allowed for userauth pubkey that is sent to server-sig-algs.
It can be named SSHServerTransport.supportedSigAlgs.
The current code is here: twisted/src/twisted/conch/ssh/transport.py, lines 1715 to 1718 in 63df84e
server-sig-algs is documented in RFC 8308.
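A sketch of the separation proposed in this issue, added here as an example and not Twisted's code: the host key list stays narrow while a wider list is advertised in server-sig-algs and enforced for userauth. SketchServerTransport, hostKeyAlgs and the helper functions are hypothetical names; supportedSigAlgs is the name suggested in the issue, and the SSH_MSG_EXT_INFO layout follows RFC 8308.

```python
import struct

SSH_MSG_EXT_INFO = 7  # message number assigned by RFC 8308


def ssh_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def build_ext_info(extensions: dict) -> bytes:
    """byte SSH_MSG_EXT_INFO, uint32 nr-extensions, then name/value strings."""
    body = b"".join(ssh_string(k) + ssh_string(v) for k, v in extensions.items())
    return bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", len(extensions)) + body


def parse_ext_info(packet: bytes) -> dict:
    """Decode SSH_MSG_EXT_INFO; reject truncated input and trailing bytes."""
    if len(packet) < 5 or packet[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO payload")
    (count,) = struct.unpack_from(">I", packet, 1)
    pos, fields = 5, []
    for _ in range(count * 2):  # each extension is a name string + value string
        if pos + 4 > len(packet):
            raise ValueError("truncated length field")
        (size,) = struct.unpack_from(">I", packet, pos)
        pos += 4
        if pos + size > len(packet):
            raise ValueError("truncated string")
        fields.append(packet[pos:pos + size])
        pos += size
    if pos != len(packet):
        raise ValueError("trailing bytes after last extension")
    return dict(zip(fields[0::2], fields[1::2]))


class SketchServerTransport:
    """Hypothetical stand-in for the proposal, not twisted.conch's class."""
    # Algorithms offered for the server's own host keys (hypothetical name).
    hostKeyAlgs = [b"ssh-ed25519", b"ecdsa-sha2-nistp256"]
    # Separate list for user "publickey" authentication, as the issue suggests.
    supportedSigAlgs = hostKeyAlgs + [b"ecdsa-sha2-nistp521", b"ssh-rsa"]

    def extInfoPayload(self) -> bytes:
        # server-sig-algs carries a comma-separated name-list.
        names = b",".join(self.supportedSigAlgs)
        return build_ext_info({b"server-sig-algs": names})

    def acceptsUserKeyAlgorithm(self, algorithm: bytes) -> bool:
        # Enforce the same list that was advertised, not the host key list.
        return algorithm in self.supportedSigAlgs
```

Checking userauth requests against the same list that is advertised keeps the extension and the server's actual behaviour from drifting apart.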