-
Notifications
You must be signed in to change notification settings - Fork 602
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Public key authentication only possible with host key types #600
Comments
Having consulted the relevant RFC again, I think that the approach used here is not necessarily incorrect, it would just need to additionally allow all non-RSA key algorithms for public keys. This would still allow to choose the ssh-rsa signature algorithm based on what the server host key uses. An alternative solution could be to always send multiple userauth requests when an ssh-rsa public key is used, corresponding to the three different hash algorithms SHA1, SHA-256 and SHA-512. |
Note that this can't be caught by tests right now since the server comes with RSA, ED25519 and ECDSA host keys. |
With this, all issues we have identified using SSHJ over at Password Store have now been fixed. |
Cool! I'll try to release a new version this week... There is one other PR I want to have a look at ;) |
Do you know whether you will get around to cut a release this week? Over at Password Store, we will have a release coming up the week after and it would help us to plan it if we knew whether SSHJ 0.30.0 will be available in time. |
Hi,
I'm offline this week for holidays ;) I'll work on it coming week.
Regards,
Jeroen
Op do 13 aug. 2020 om 10:42 schreef Fabian Henneke <notifications@github.com
…:
Cool! I'll try to release a new version this week... There is one other PR
I want to have a look at ;)
Do you know whether you will get around to cut a release this week? Over
at Password Store, we will have a release coming up the week after and it
would help us to plan it if we knew whether SSHJ 0.30.0 will be available
in time.
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#600 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAA4XI2MAHO6BQVRSEUPQIDSAORP7ANCNFSM4N6APDFA>
.
|
Thanks for the info (and the work on sshj in general), enjoy your time off! |
v0.30.0 is released, I still need to update the Release notes, but wanted
to let you know.
Op vr 14 aug. 2020 om 12:40 schreef Fabian Henneke <notifications@github.com
…:
Thanks for the info (and the work on sshj in general), enjoy your time off!
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#600 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAA4XI6GIBVWEXOPWMPYS5TSAUIC7ANCNFSM4N6APDFA>
.
|
Thanks for the heads-up! |
Since 9671352, it seems that public key authentication can only succeed if the key type is also a host key type supported by the server.
I believe that the root cause of this is 9671352#diff-521b24d9ed9094555c19f59ffa14e862R235-R239, where the "signature algorithms" (i.e.
server_host_key_algorithms
per the SSH spec) are used to populate the factory that is later used to send and sign with public keys.I would think that that the list of
KeyAlgorithm
factories should rather be populated directly from the config as it does not require negotiation with the server.KeyedAuthMethod.java
would then need to be changed to use those factories instead of askingTransport
for them.The text was updated successfully, but these errors were encountered: