[ https://issues.apache.org/jira/browse/SSHD-1216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17429226#comment-17429226 ]
Thomas Wolf edited comment on SSHD-1216 at 10/15/21, 10:27 AM:
---------------------------------------------------------------

Yes, it can be done in application code; the library provides all the support needed. (Note that you should send the EXT_INFO message only if the client had requested it by sending ext-info-c earlier in its KEX proposal, though.)

However, a server that does rsa-sha2-512 or rsa-sha2-256 SHOULD implement server-sig-algs. An Apache MINA sshd server by default does SHA-2 RSA signatures, so it should by default also implement server-sig-algs, and thus it should be in the library.

was (Author: wolft):
Yes, it can be done in application code; the library provides all the support needed. (Note that you should send the EXT_INFO message only if the client had requested it by sending ext-info-c earlier in its KEX proposal, though.)

However, a server that does rsa-sha2-512 or rsa-sha2-256 SHOULD implement server-sig-algs. An Apache MINA sshd by default does SHA-2 RSA signatures, so it should by default also implement server-sig-algs, and thus it should be in the library.

> Implement RFC 8332 server-sig-algs on the server
> ------------------------------------------------
>
> Key: SSHD-1216
> URL: https://issues.apache.org/jira/browse/SSHD-1216
> Project: MINA SSHD
> Issue Type: Improvement
> Reporter: Ben Humphreys
> Priority: Major
>
> In the recently released [OpenSSH
> 8.8|https://www.openssh.com/txt/release-8.8] for RSA keys the public key
> signature algorithm that depends on SHA-1 has been disabled by default:
> {quote}This release disables RSA signatures using the SHA-1 hash algorithm
> by default. This change has been made as the SHA-1 hash algorithm is
> cryptographically broken, and it is possible to create chosen-prefix hash
> collisions for <USD$50K [1]
> {quote}
> As a result OpenSSH 8.8 clients are unable to authenticate with Mina SSHD
> servers with RSA based keys (it is however possible to reenable ssh-rsa).
> OpenSSH since 7.2 does however support RFC 8332 RSA/SHA-256/512 signatures,
> indeed the release notes go on to say:
> {quote}
> For most users, this change should be invisible and there is no need to
> replace ssh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512
> signatures since release 7.2 and existing ssh-rsa keys will automatically use
> the stronger algorithm where possible.
> {quote}
> It appears Mina SSHD partly implements support for RFC 8332, indeed the
> client code appears to support it (see SSHD-1141). However the server appears
> to lack full support because it doesn't fully implement the "server-sig-algs"
> extension.
> The basic framework for supporting this seems to be present, specifically
> {{AbstractKexFactoryManager.setKexExtensionHandler()}} could perhaps permit
> such a "server-sig-algs" extension.
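
An added example (not from the issue and not MINA SSHD code) of the wire-level behaviour the comment describes: the server emits SSH_MSG_EXT_INFO carrying server-sig-algs only when the client's KEX proposal contained ext-info-c. The function names and the sample algorithm lists are constructed for illustration; the message layout follows RFC 8308.

```python
import struct

SSH_MSG_EXT_INFO = 7  # message number assigned by RFC 8308

# Constructed sample data, not captured from a real session.
SAMPLE_CLIENT_KEX = b"curve25519-sha256,diffie-hellman-group14-sha256,ext-info-c"
SAMPLE_SIG_ALGS = ["rsa-sha2-512", "rsa-sha2-256", "ssh-ed25519"]

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def client_wants_ext_info(client_kex_algorithms: bytes) -> bool:
    """True only if ext-info-c is a whole entry of the client's kex name-list."""
    return b"ext-info-c" in client_kex_algorithms.split(b",")

def build_server_ext_info(client_kex_algorithms: bytes, sig_algs):
    """Return the SSH_MSG_EXT_INFO payload, or None when it must not be sent."""
    if not client_wants_ext_info(client_kex_algorithms):
        return None
    value = ",".join(sig_algs).encode("ascii")  # name-list of accepted algorithms
    return (bytes([SSH_MSG_EXT_INFO])
            + struct.pack(">I", 1)              # nr-extensions
            + ssh_string(b"server-sig-algs")    # extension-name
            + ssh_string(value))                # extension-value

def parse_ext_info(payload: bytes) -> dict:
    """Decode an SSH_MSG_EXT_INFO payload into {name: value}, bounds-checked."""
    if not payload or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not SSH_MSG_EXT_INFO")
    pos = 1

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(payload):
            raise ValueError("truncated EXT_INFO payload")
        chunk = payload[pos:pos + n]
        pos += n
        return chunk

    count = struct.unpack(">I", take(4))[0]
    extensions = {}
    for _ in range(count):
        name = take(struct.unpack(">I", take(4))[0])
        value = take(struct.unpack(">I", take(4))[0])
        extensions[name.decode("ascii")] = value
    return extensions
```
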