x/crypto/ssh: host key algorithm selection prefers DSA over ED25519 #51168

ORYLY · 2022-02-13T05:21:32Z

When a server provides both a DSA host key and an ED25519 host key, the Go ssh library will select DSA instead. But DSA has been deprecated in OpenSSH (and in other libraries, I suppose).

This is because in crypto/ssh/common.go, ED25519 is at the end of supportedHostKeyAlgos, which is supposed to be in preference order:

var supportedHostKeyAlgos = []string{
	CertSigAlgoRSASHA2512v01, CertSigAlgoRSASHA2256v01,
	CertSigAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01,
	CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01,

	KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521,
	SigAlgoRSASHA2512, SigAlgoRSASHA2256,
	SigAlgoRSA, KeyAlgoDSA,

	KeyAlgoED25519, // <-- lowest preference, unlike the other algo list constants that place ED25519 much higher
}

The text was updated successfully, but these errors were encountered:

dmitshur · 2022-02-14T21:19:22Z

CC @neild, @rolandshoemaker.

gopherbot added this to the Unreleased milestone Feb 13, 2022

dmitshur changed the title ~~x/crypto: host key algorithm selection prefers DSA over ED25519~~ x/crypto/ssh: host key algorithm selection prefers DSA over ED25519 Feb 14, 2022

dmitshur added the NeedsInvestigation label Feb 14, 2022

x/crypto/ssh: host key algorithm selection prefers DSA over ED25519 #51168

x/crypto/ssh: host key algorithm selection prefers DSA over ED25519 #51168

ORYLY commented Feb 13, 2022 •

edited

dmitshur commented Feb 14, 2022

x/crypto/ssh: host key algorithm selection prefers DSA over ED25519 #51168

x/crypto/ssh: host key algorithm selection prefers DSA over ED25519 #51168

Comments

ORYLY commented Feb 13, 2022 • edited

dmitshur commented Feb 14, 2022

ORYLY commented Feb 13, 2022 •

edited