[jira] [Commented] (SSHD-1155) How to add KeyExchangeAlgo which are deprecated

Tue, 13 Apr 2021 06:21:37 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17320173#comment-17320173
 ] 

Thomas Wolf commented on SSHD-1155:
-----------------------------------

We cannot debug your connection problems. One thing I notice is that it says:

client: ...,ecdsa-sha2-nistp*512*,...

server: ecdsa-sha2-nistp521

There are no common algorithms.

Could this be a bug in that Tectia client? ("512" instead of "521")? If that 
client indeed proposes ecds-sha2-nistp512, it is broken. You might perhaps be 
able to work around it by adding a signature algorithm factory with that broken 
name (implemented as ecdsa-sha2-nistp521, of course) to the server's list.

The second problem ("no resolved signatures") is probably because your Apache 
MINA sshd server uses only an ECDSA host key but you only set RSA signature 
factories.

Please take a moment to familiarize yourself with key types and which signature 
algorithms are applicable for which key types.

> How to add KeyExchangeAlgo which are deprecated
> -----------------------------------------------
>
>                 Key: SSHD-1155
>                 URL: https://issues.apache.org/jira/browse/SSHD-1155
>             Project: MINA SSHD
>          Issue Type: Question
>            Reporter: Susmit Sarkar
>            Priority: Blocker
>
> Hello Team,
>  
> I need to add the deprecated KeyExchangeAlgo to SshServer.
> ssh-dss, ssh-rsa, rsa-sha2-256, rsa-sha2-512, nistp256, nistp384, nistp521 , 
> ssh-ed25519 (requires {{eddsa}} optional module), 
> [sk-ecdsa-sha2-nistp...@openssh.com|mailto:sk-ecdsa-sha2-nistp...@openssh.com],
>  [sk-ssh-ed25...@openssh.com|mailto:sk-ssh-ed25...@openssh.com] , 
> [ssh-rsa-cert-...@openssh.com|mailto:ssh-rsa-cert-...@openssh.com], 
> [ssh-dss-cert-...@openssh.com|mailto:ssh-dss-cert-...@openssh.com], 
> [ssh-ed25519-cert-...@openssh.com|mailto:ssh-ed25519-cert-...@openssh.com] , 
> [ecdsa-sha2-nistp256-cert-...@openssh.com|mailto:ecdsa-sha2-nistp256-cert-...@openssh.com],
>  
> [ecdsa-sha2-nistp384-cert-...@openssh.com|mailto:ecdsa-sha2-nistp384-cert-...@openssh.com],
>  
> [ecdsa-sha2-nistp521-cert-...@openssh.com|mailto:ecdsa-sha2-nistp521-cert-...@openssh.com]
> sshd.setKeyExchangeFactories(Arrays.asList(BuiltinKeyExchange.***));
> BuiltinKeyExchange there is no class of the same name
> List<KeyExchangeFactory> kexFactories = I need all the above mentioned 
> deprecated kexAlgo, can you please help with the code snippet.
>  
> Thanks in advance
>  
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to