[ssh_x509] ssh_x509 Digest, Vol 9, Issue 4

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sat Feb 2 17:31:53 EET 2013


Hi Anand,
> Hi Roumen,
> Yes, this is on my server setup that I am seeing these messages. You have
> written that sha1 is preferred, does that mean since it is written just
> above md5, only sha1 will be used?
If I remember well, you use v7.1.
Unfortunately, the switch to sha1 was not properly documented. The documentation
and default daemon configuration are corrected in v7.2.1.

The first in the list is used in the signing operation (ref. sshd_config(5)).
Verification is performed with all in the list.


> I have just uncommented the four
> 'X509KeyAlgorithm' lines from your patch and am trying fips mode. Could you
> please tell me in what case the first one, i.e. sha1, may not be used and it goes
> to the second?
> Thank you.
> -Anand
[SNIP]

Roumen