author: Jeff Forcier <jeff@bitprophet.org> 2023-05-24 15:52:08 -0400
committer: Jeff Forcier <jeff@bitprophet.org> 2023-05-24 15:52:08 -0400
commit: fdb08b7cb94d9edb547790a20ca28cfd45d20c53
tree: d271535ed10dd2b424dae36c1e5a3dac89f8158c /sites/www
parent: 8f0e966ece84433c5f7e31e837a3049bb7b8987e
Fix a couple minor-but-critical Agent issues wrt SHA2 + certs
Diffstat (limited to 'sites/www')
-rw-r--r-- sites/www/changelog.rst 10
1 files changed, 10 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 4b39715a..53f2b84c 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,16 @@
Changelog
=========
+- :bug:`- major` Fixed a very sneaky bug found at the apparently
+ rarely-traveled intersection of ``RSA-SHA2`` keys, certificates, SSH agents,
+ and stricter-than-OpenSSH server targets. This manifested as yet another
+ "well, if we turn off SHA2 at one end or another, everything works again"
+ problem, for example with version 12 of the Teleport server endpoint.
+
+ This has been fixed; Paramiko tweaked multiple aspects of how it requests
+ agent signatures, and the agent appears to do the right thing now.
+
+ Thanks to Ryan Stoner for the bug report and testing.
- :bug:`2012 major` (also :issue:`1961` and countless others) The
``server-sig-algs`` and ``RSA-SHA2`` features added around Paramiko 2.9 or
so, had the annoying side effect of not working with servers that don't
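Review bot: The second paragraph of the new entry ("Paramiko tweaked multiple aspects of how it requests agent signatures, and the agent appears to do the right thing now") does not say which aspects changed, and "appears to" leaves readers unsure whether the fix is confirmed. Suggest naming the concrete changes to the agent signature request, so that users who turned off SHA2 at one end as a workaround can tell when it is safe to turn it back on. The entry also uses :bug:`- major` with no issue number, unlike the :bug:`2012 major` entry right below it; if the report from Ryan Stoner has a tracker issue, reference it so the changelog links to the details.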