Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Pre-release
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
The traditional SSH agent protocol has recently been extended, as documented in draft-miller-ssh-agent, to allow signatures with SHA-256 and SHA-512 ("SHA2") hashes as well as the traditional but weak SHA-1. The client signals this with a 'flags' word that previously didn't exist in the protocol.
Previously, Pageant has ignored this. OpenSSH has apparently been requesting these hashes since 7.2; 7.7 started warning when it didn't get what it asked for from the agent (bz#2799):
agent key RSA SHA256:XXXXXXXXXXXXXXX returned incorrect signature type
This warning could show up for instance in agent forwarding scenarios.
Now Pageant looks at the flag word, returns SHA-256 or SHA-512 signatures if requested, and complains if any of the other flag bits are set.