[
https://issues.apache.org/jira/browse/SSHD-1105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lyor Goldstein updated SSHD-1105:
---------------------------------
Description:
The current code iterates over the keys the user provided and then attempts to
find a +single+ matching signature factory. However, for some key types (e.g.,
RSA) there is more than one possible signature - e.g., {{ssh-rsa, rsa-sha2-256,
rsa-sha2-512}}. The code should try +all+ matching signature factories in the
same +order+ as the user defined them.
{code:java|title=Pseudo code}
for (KeyPair kp : userKeys) {
    Collection<String> aliases = KeyUtils.getAllKeyTypeAliases(kp);
    for (SignatureFactory factory : userSignatures) {
        // NOTE: need to check how not to confuse ...-cert@openssh.com.. key type aliases
        if (aliases.contains(factory.getName())) {
            tryPublicKeyAuth(factory, kp);
        }
    }
}
{code}
was: The current code iterates over the keys the user provided and then
attempts to find a matching signature factory. However, the user's preferred
order is actually expressed via the signatures order - so the code should go
over the preferred signatures in the order the user defined them and for each
one of them try all the keys it can find that can satisfy the signature.
*Note:* this will also fix the fact that if an RSA key is provided then only
the +first+ signature that requires RSA is attempted.
> Use all possible signatures for a public key type in public key authentication
> ------------------------------------------------------------------------------
>
> Key: SSHD-1105
> URL: https://issues.apache.org/jira/browse/SSHD-1105
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 2.5.1
> Reporter: Lyor Goldstein
> Priority: Minor
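An added example (not code from the issue or from MINA SSHD) that contrasts the single-match behaviour described above with the proposed all-matches loop, using only JDK collections. The alias table, the method names and the sample key and signature lists are constructed assumptions, and the single match is modelled as the first matching signature in the user's list.

```java
import java.util.*;

public class SignatureOrderDemo {
    // Constructed alias table (assumption): key type -> signature names usable with that key.
    // Certificate types are separate entries, so an exact name match never mixes them with plain keys.
    static final Map<String, Set<String>> ALIASES = Map.of(
        "ssh-rsa", Set.of("ssh-rsa", "rsa-sha2-256", "rsa-sha2-512"),
        "ssh-rsa-cert-v01@openssh.com", Set.of("ssh-rsa-cert-v01@openssh.com",
            "rsa-sha2-256-cert-v01@openssh.com", "rsa-sha2-512-cert-v01@openssh.com"),
        "ssh-ed25519", Set.of("ssh-ed25519"));

    // Behaviour the issue describes as current: one signature per key (modelled as the first match).
    static List<String> singleMatch(List<String> keyTypes, List<String> userSignatures) {
        List<String> attempts = new ArrayList<>();
        for (String kt : keyTypes) {
            Set<String> aliases = ALIASES.getOrDefault(kt, Set.of());
            userSignatures.stream().filter(aliases::contains).findFirst()
                .ifPresent(sig -> attempts.add(kt + " signed with " + sig));
        }
        return attempts;
    }

    // Proposed behaviour: every matching signature, in the user's order, for each key.
    static List<String> allMatches(List<String> keyTypes, List<String> userSignatures) {
        List<String> attempts = new ArrayList<>();
        for (String kt : keyTypes) {
            Set<String> aliases = ALIASES.getOrDefault(kt, Set.of());
            for (String sig : userSignatures) {
                if (aliases.contains(sig)) {
                    attempts.add(kt + " signed with " + sig);
                }
            }
        }
        return attempts;
    }

    public static void main(String[] args) {
        List<String> keys = List.of("ssh-rsa", "ssh-ed25519"); // constructed sample input
        List<String> sigs = List.of("rsa-sha2-512-cert-v01@openssh.com", "ssh-rsa",
            "ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256");
        String serverAccepts = "rsa-sha2-512"; // constructed: server that rejects SHA-1 ssh-rsa signatures
        for (List<String> plan : List.of(singleMatch(keys, sigs), allMatches(keys, sigs))) {
            boolean ok = plan.stream().anyMatch(a -> a.equals("ssh-rsa signed with " + serverAccepts));
            System.out.println(plan + " -> RSA key accepted: " + ok);
        }
    }
}
```

With a server that only accepts `rsa-sha2-512`, the single-match plan offers the RSA key with `ssh-rsa` alone and never reaches the accepted algorithm, while the all-matches plan does.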