Mailing List Archive

OpenSSH 8.2 appears to be using one key to send the public key and a different key to send the signature?
I'm trying to connect to an SSH server using OpenSSH_8.2p1
Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020 and am seeing some weird
stuff in the logs. In particular, there's this:

debug3: sign_and_send_pubkey: RSA SHA256:Xss+fkLagMzhqQfEakymnMzhqQN2FnzmZHrGJJFRzXA
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:Xss+fkLagMzhqQfGgpPlmWuHq8N2FnzmZHrGJJFRzXA

What's weird about that is that the key fingerprints are subtly different:

SHA256:Xss+fkLagMzhqQf EakymnMzhqQ N2FnzmZHrGJJFRzXA
SHA256:Xss+fkLagMzhqQf GgpPlmWuHq8 N2FnzmZHrGJJFRzXA

(I added the spaces to make them more readable)

My question is... how can this be so?

Here's the code that does that:

https://github.com/openssh/openssh-portable/blob/V_8_2_P1/sshconnect2.c#L1247

But in my cursory reading of the code it looks like those two lines should
be the same - not different.

It's also strange that, despite being different, they're as similar as
they are. With any cryptographic hash I'd expect that changing one
character would change the whole hash *completely* but in this case like
less than half of the hash is being changed? That doesn't make any sense to
me.

Any ideas?
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
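
An added example, not part of the original post and not OpenSSH code: an OpenSSH `SHA256:` fingerprint is the unpadded base64 of the SHA-256 digest of the public key blob, so the two quoted strings can be decoded and compared byte by byte, next to the digests of two inputs that differ in a single bit. The helper names and the 64-byte sample blob are constructed for illustration.

```python
import base64
import hashlib

# The two fingerprints exactly as quoted in the post.
FP_PUBKEY = "SHA256:Xss+fkLagMzhqQfEakymnMzhqQN2FnzmZHrGJJFRzXA"
FP_SIGNING = "SHA256:Xss+fkLagMzhqQfGgpPlmWuHq8N2FnzmZHrGJJFRzXA"


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256(key blob)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def decode_fingerprint(fp: str) -> bytes:
    """Return the raw 32-byte digest behind a 'SHA256:<base64>' fingerprint."""
    algo, _, b64 = fp.partition(":")
    if algo != "SHA256":
        raise ValueError(f"unsupported fingerprint type: {algo!r}")
    # OpenSSH strips the '=' padding, so restore it before decoding.
    raw = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    if len(raw) != 32:
        raise ValueError(f"expected 32 digest bytes, got {len(raw)}")
    return raw


def compare(a: bytes, b: bytes) -> dict:
    """Summarise where and how much two equal-length digests differ."""
    diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    bits = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return {"bits": bits, "bytes": len(diff),
            "first": diff[0] if diff else None,
            "last": diff[-1] if diff else None}


def avalanche_reference() -> dict:
    """Digests of two constructed blobs that differ in a single bit."""
    blob = bytes(range(64))                    # constructed sample, not a real key
    flipped = bytes([blob[0] ^ 0x01]) + blob[1:]
    return compare(hashlib.sha256(blob).digest(),
                   hashlib.sha256(flipped).digest())


if __name__ == "__main__":
    quoted = compare(decode_fingerprint(FP_PUBKEY), decode_fingerprint(FP_SIGNING))
    print("quoted fingerprints:", quoted)
    print("one-bit input change:", avalanche_reference())
```

For the quoted pair, every differing byte falls between offsets 11 and 19 of the 32-byte digest; bytes 0 through 10 and 20 through 31 are identical.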