Skip to content

x/crypto/ssh: host key algorithm selection prefers DSA over ED25519 #51168

Open
@ORYLY

Description

@ORYLY

When a server provides both a DSA host key and an ED25519 host key, the Go ssh library will select DSA instead. But DSA has been deprecated in OpenSSH (and in other libraries, I suppose).

This is because in crypto/ssh/common.go, ED25519 is at the end of supportedHostKeyAlgos, which is supposed to be in preference order:

var supportedHostKeyAlgos = []string{
	CertSigAlgoRSASHA2512v01, CertSigAlgoRSASHA2256v01,
	CertSigAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01,
	CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01,

	KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521,
	SigAlgoRSASHA2512, SigAlgoRSASHA2256,
	SigAlgoRSA, KeyAlgoDSA,

	KeyAlgoED25519, // <-- lowest preference, unlike the other algo list constants that place ED25519 much higher
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions