Open sevenrats opened 3 months ago
This is known.
TPMs don't really support SHA-512, and for this to work I need to implement the signing operation on another layer.
How do I work around this in the meantime? Is this an openssh version problem? Can I change a setting somewhere?
You need to remove rsa-sha2-512 as a valid signature algorithm. I can't remember off the top of my head how you do this.
Easier to just delete the RSA hostkey in my case.
I migrated a working install to a newer machine, replaced the TPM keys, and sshd comes up fine, but I get the "send_disconnect" error no matter how I try to connect (the server is up and accepts a password though). Checking the ssh-tpm-agent logs shows INFO "agent 13: SHA-512 is not a supported hashing algorithm" right after "signwithflags" is called. Shutting down the TPM agent and removing its sshd config causes connections to resume.