[jira] [Commented] (SSHD-1104) Fix Client Side Support for RFC 8332 rsa-sha2-256, rsa-sha2-512 public key authentication

Fri, 20 Nov 2020 02:41:06 -0800 


    [ 
https://issues.apache.org/jira/browse/SSHD-1104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17236054#comment-17236054
 ] 

Lyor Goldstein commented on SSHD-1104:
--------------------------------------

[~justintay] Thanks for bringing this to our attention - please try the code in 
https://github.com/lgoldstein/mina-sshd/tree/SSHD-1104 and let me know if it 
works (I have run some tests of my own but would appreciate your feedback).

> Fix Client Side Support for RFC 8332 rsa-sha2-256, rsa-sha2-512 public key 
> authentication
> -----------------------------------------------------------------------------------------
>
>                 Key: SSHD-1104
>                 URL: https://issues.apache.org/jira/browse/SSHD-1104
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.5.1
>            Reporter: Justin Tay
>            Assignee: Lyor Goldstein
>            Priority: Minor
>
> The readme on the client side support for RFC 8332 is misleading. It implies 
> that the client side just requires specific initialization so the impression 
> is that either setting the kex extension handler or signature factories 
> should get the client to be able to use public key authentication using 
> rsa-sha2-256 or rsa-sha2-512.
> However after removing the ssh-rsa signature factory and encountering an 
> error I noticed that in UserAuthPublicKey and KeyPairIdentity the signature 
> algo (P. K. Alg. Name) is always set to be the key type (P. K. Format) which 
> will always be ssh-rsa ie. algo = KeyUtils.getKeyType(getPublicKey()) so P. 
> K. Alg. Name always equals P. K. Format and doesn't make calls to 
> KeyUtils.getAllEquivalentKeyTypes or check the configured signature factories.
> Getting this to work required overriding UserAuthPublicKey, 
> UserAuthPublicKeyFactory and awkward handling of the 
> KeyPairIdentity/PublicKeyIdentity for signing which was more than what I 
> expected.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to