OpenSSH 9.0 released

Posted Apr 9, 2022 4:35 UTC (Sat) by CoelacanthusHex (guest, #144839)
In reply to: OpenSSH 9.0 released by cypherpunks2
Parent article: OpenSSH 9.0 released

And it seems that there are other problems here. If you are using gpg-agent, and OpenSSH matches the NTRU algorithm, gpg-agent will refuse because it does not support the algorithm, which makes it unusable. Now OpenSSH uses this algorithm as the first choice. This makes the probability of encountering this problem greatly increased.

OpenSSH 9.0 released

Posted Apr 9, 2022 5:40 UTC (Sat) by mkj (subscriber, #85885) [Link]

I don't see how gpg-agent would see anything about NTRU, have you seen it as a problem? sntrup761x25519 should only be getting used for key exchange (KEX), versus gpg-agent which doesn't handle KEX, just public key auth signatures which keep using existing schemes.

gpg-agent might still need updating to handle rsa-sha2 signatures, but that's a different problem. https://adamheins.com/blog/ssh-agent-key-rsa

OpenSSH 9.0 released

Posted Apr 10, 2022 20:37 UTC (Sun) by aaronmdjones (subscriber, #119973) [Link]

You are confusing key exchange (the algorithm that derives the encryption and authentication keys for the underlying traffic) with authentication.

NTRU is for the former; ssh-keygen, ssh-agent, gpg-agent, scdaemon, and such will never see it and don't even know that you're using it.