[ https://issues.apache.org/jira/browse/NIFI-10586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nathan Gough updated NIFI-10586: -------------------------------- Fix Version/s: 1.19.0 Resolution: Fixed Status: Resolved (was: Patch Available) > Prioritize ssh-rsa Key Algorithm in SFTP Processors > --------------------------------------------------- > > Key: NIFI-10586 > URL: https://issues.apache.org/jira/browse/NIFI-10586 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions > Affects Versions: 1.17.0, 1.16.1 > Reporter: David Handermann > Assignee: David Handermann > Priority: Minor > Fix For: 1.19.0 > > Time Spent: 1h > Remaining Estimate: 0h > > SSHJ 0.33.0 included changes to depend on the Key Algorithms configuration > property to determine supported RSA algorithms for public key authentication. > [SSHJ PR 742|https://github.com/hierynomus/sshj/pull/742] standardized this > configuration, which prioritizes {{rsa-sha2-256}} and {{rsa-sha2-512}} before > the legacy {{ssh-rsa}} algorithm. [SSHJ PR > 763|https://github.com/hierynomus/sshj/pull/763] introduced additional > changes to try all configured RSA algorithms, but it depends on the server > indicating support for retrying public key authentication after initial > failures. > To maintain wider compatibility, the Apache NiFi SSH default configuration > should be adjusted to prioritize {{ssh-rsa}} before {{rsa-sha2}} algorithms, > using the method implemented in SSHJ 0.33.0 PR 742. This prioritization > should be enabled in the default SFTP Processor configuration where the {{Key > Algorithms Allowed}} property is not specified. Overriding the {{Key > Algorithms Allowed}} property should continue to support custom algorithm and > selection with defined prioritization. -- This message was sent by Atlassian Jira (v8.20.10#820010)