x/crypto/ssh: no common algorithm for host key, server offered: [x509v3-sign-rsa x509v3-ssh-rsa] #24266

Closed
lpzgithub opened this issue Mar 6, 2018 · 6 comments

@lpzgithub commented Mar 6, 2018

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go version go1.9.3 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"

What did you do?

The SSH handshake fails:
ssh: handshake failed: ssh: no common algorithm for host key; client offered: [ssh-rsa-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com ssh-ed25519-cert-v01@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa ssh-dss ssh-ed25519], server offered: [x509v3-sign-rsa x509v3-ssh-rsa]

[x509v3-sign-rsa x509v3-ssh-rsa] are not supported as host-key algorithms:

// supportedHostKeyAlgos specifies the supported host-key algorithms (i.e. methods
// of authenticating servers) in preference order.
var supportedHostKeyAlgos = []string{
	CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01,
	CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01,

	KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521,
	KeyAlgoRSA, KeyAlgoDSA,

	KeyAlgoED25519,
}

I expect supportedHostKeyAlgos to support the x509v3-ssh-rsa host-key algorithm.
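
Added example (not part of the original issue and not the x/crypto/ssh source): a standard-library-only Go model of first-match host-key selection, run on the two name-lists from the error above. `negotiate` and `unsupported` are hypothetical helper names, and the `mixed` server list is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Name-lists copied from the handshake error in the report above.
var clientHostKeyAlgos = strings.Fields("ssh-rsa-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com ssh-ed25519-cert-v01@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa ssh-dss ssh-ed25519")
var serverHostKeyAlgos = []string{"x509v3-sign-rsa", "x509v3-ssh-rsa"}

// negotiate (hypothetical helper) picks the first name in the client's
// preference list that the server also offers, or fails like the report.
func negotiate(what string, client, server []string) (string, error) {
	offered := make(map[string]bool, len(server))
	for _, s := range server {
		offered[s] = true
	}
	for _, c := range client {
		if offered[c] {
			return c, nil
		}
	}
	return "", fmt.Errorf("ssh: no common algorithm for %s; client offered: %v, server offered: %v", what, client, server)
}

// unsupported (hypothetical helper) lists the server's algorithms that the
// client does not implement, which is the useful part when triaging the error.
func unsupported(client, server []string) []string {
	known := make(map[string]bool, len(client))
	for _, c := range client {
		known[c] = true
	}
	var out []string
	for _, s := range server {
		if !known[s] {
			out = append(out, s)
		}
	}
	return out
}

func main() {
	_, err := negotiate("host key", clientHostKeyAlgos, serverHostKeyAlgos)
	fmt.Println(err)
	// Constructed server list: adding any name the client knows is enough.
	mixed := []string{"x509v3-ssh-rsa", "ssh-ed25519", "ssh-rsa"}
	algo, _ := negotiate("host key", clientHostKeyAlgos, mixed)
	fmt.Println("chosen:", algo, "ignored:", unsupported(clientHostKeyAlgos, mixed))
}
```

With the constructed `mixed` list the client's own ordering decides the result, so `ssh-rsa` is chosen even though the server lists `ssh-ed25519` first.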

@bradfitz changed the title from "crypto/ssh: no common algorithm for host key, server offered: [x509v3-sign-rsa x509v3-ssh-rsa]" to "x/crypto/ssh: no common algorithm for host key, server offered: [x509v3-sign-rsa x509v3-ssh-rsa]" on Mar 7, 2018
@gopherbot added this to the Unreleased milestone on Mar 7, 2018

@bradfitz (Contributor) commented Mar 7, 2018

/cc @hanwen

@andybons (Member) commented Mar 7, 2018

@hanwen I’m not sure what your comment means. Do you plan to support x509v3-ssh-rsa? If so then please add the NeedsFix label.

@hanwen (Contributor) commented Mar 7, 2018

Sorry, I was in a hurry.

The comment is a link to the RFC. I don't know anything about X509; maybe @agl has input on whether this is a worthwhile thing to support?

@agl (Contributor) commented Mar 7, 2018

The draft expired 11 years ago. I don't think there's enough supporting evidence here to warrant implementation.

@andybons (Member) commented Mar 7, 2018

OK. Closing then.

@andybons closed this on Mar 7, 2018
@golang locked and limited conversation to collaborators on Mar 7, 2019