[ https://issues.apache.org/jira/browse/NIFI-10586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nathan Gough updated NIFI-10586:
--------------------------------
Fix Version/s: 1.19.0
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Prioritize ssh-rsa Key Algorithm in SFTP Processors
> ---------------------------------------------------
>
> Key: NIFI-10586
> URL: https://issues.apache.org/jira/browse/NIFI-10586
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 1.17.0, 1.16.1
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Fix For: 1.19.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> SSHJ 0.33.0 included changes to depend on the Key Algorithms configuration
> property to determine supported RSA algorithms for public key authentication.
> [SSHJ PR 742|https://github.com/hierynomus/sshj/pull/742] standardized this
> configuration, which prioritizes {{rsa-sha2-256}} and {{rsa-sha2-512}} before
> the legacy {{ssh-rsa}} algorithm. [SSHJ PR
> 763|https://github.com/hierynomus/sshj/pull/763] introduced additional
> changes to try all configured RSA algorithms, but it depends on the server
> indicating support for retrying public key authentication after initial
> failures.
> To maintain wider compatibility, the Apache NiFi SSH default configuration
> should be adjusted to prioritize {{ssh-rsa}} before {{rsa-sha2}} algorithms,
> using the method implemented in SSHJ 0.33.0 PR 742. This prioritization
> should be enabled in the default SFTP Processor configuration where the {{Key
> Algorithms Allowed}} property is not specified. Overriding the {{Key
> Algorithms Allowed}} property should continue to support custom algorithm and
> selection with defined prioritization.
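The ordering described in the issue, as an added example that is not code from the Jira issue, Apache NiFi, or SSHJ: a simplified Python model of why the position of `ssh-rsa` matters when a server does not permit a second public key attempt. The default algorithm list, the comma-separated property format, and all function names are assumptions made for illustration.

```python
# Simplified model (constructed): RSA public key algorithm ordering for an SFTP client.
RSA_SHA2 = ("rsa-sha2-256", "rsa-sha2-512")
LEGACY_RSA = "ssh-rsa"  # RSA signatures over SHA-1

# Constructed default list with rsa-sha2 ahead of ssh-rsa, as the issue describes.
LIBRARY_DEFAULT = ["ssh-ed25519", "ecdsa-sha2-nistp256",
                   "rsa-sha2-256", "rsa-sha2-512", "ssh-rsa"]


def prioritize_ssh_rsa(algorithms):
    """Place ssh-rsa directly ahead of the first rsa-sha2-* entry."""
    algorithms = list(algorithms)
    sha2_positions = [i for i, a in enumerate(algorithms) if a in RSA_SHA2]
    if LEGACY_RSA not in algorithms or not sha2_positions:
        return algorithms
    if algorithms.index(LEGACY_RSA) < sha2_positions[0]:
        return algorithms  # already preferred, keep the list as given
    algorithms.remove(LEGACY_RSA)
    algorithms.insert(sha2_positions[0], LEGACY_RSA)
    return algorithms


def effective_key_algorithms(key_algorithms_allowed=None):
    """Property unset: prioritized default. Property set: the operator's order, verbatim.

    Assumes the property value is a comma-separated list.
    """
    if key_algorithms_allowed:
        return [a.strip() for a in key_algorithms_allowed.split(",") if a.strip()]
    return prioritize_ssh_rsa(LIBRARY_DEFAULT)


def rsa_pubkey_auth(client_algorithms, server_algorithms, server_allows_retry):
    """Return the RSA algorithm that authenticates, or None if authentication fails."""
    candidates = [a for a in client_algorithms if a == LEGACY_RSA or a in RSA_SHA2]
    for attempt, algorithm in enumerate(candidates):
        if attempt > 0 and not server_allows_retry:
            return None  # first attempt failed and the server will not accept another
        if algorithm in server_algorithms:
            return algorithm
    return None
```

In this model the prioritized default authenticates against a server that accepts only `ssh-rsa` and refuses retries, while a server that accepts only `rsa-sha2-*` and refuses retries needs an explicit `Key Algorithms Allowed` value that lists the `rsa-sha2` algorithms first.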