Details
- Improvement
- Status: Resolved
- Minor
- Resolution: Fixed
- 1.17.0, 1.16.1
- None
Description
SSHJ 0.33.0 included changes to depend on the Key Algorithms configuration property to determine supported RSA algorithms for public key authentication. SSHJ PR 742 standardized this configuration, which prioritizes rsa-sha2-256 and rsa-sha2-512 before the legacy ssh-rsa algorithm. SSHJ PR 763 introduced additional changes to try all configured RSA algorithms, but it depends on the server indicating support for retrying public key authentication after initial failures.
To maintain wider compatibility, the Apache NiFi SSH default configuration should be adjusted to prioritize ssh-rsa before rsa-sha2 algorithms, using the method implemented in SSHJ 0.33.0 PR 742. This prioritization should be enabled in the default SFTP Processor configuration where the Key Algorithms Allowed property is not specified. Overriding the Key Algorithms Allowed property should continue to support custom algorithm selection with defined prioritization.
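The ordering rule described above, modelled as an added example using only JDK classes; it is not NiFi or SSHJ code. The class name, the `resolve` helper, the sample default list and the exact placement of ssh-rsa are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class KeyAlgorithmOrder {
    // Constructed sample of a client default order with rsa-sha2 first (not SSHJ's full list).
    static final List<String> DEFAULTS = Arrays.asList(
            "ssh-ed25519", "ecdsa-sha2-nistp256", "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa");

    // Move ssh-rsa directly ahead of the first rsa-sha2-* entry; other entries keep their order.
    static List<String> prioritizeSshRsa(List<String> algorithms) {
        List<String> ordered = new ArrayList<>(algorithms);
        int firstSha2 = -1;
        for (int i = 0; i < ordered.size(); i++) {
            if (ordered.get(i).startsWith("rsa-sha2-")) { firstSha2 = i; break; }
        }
        int sshRsa = ordered.indexOf("ssh-rsa");
        if (firstSha2 >= 0 && sshRsa > firstSha2) {
            ordered.add(firstSha2, ordered.remove(sshRsa));
        }
        return ordered;
    }

    // Hypothetical resolver: a blank property selects the compatibility default; a set property
    // is honoured in the operator's own order, limited to names this client supports.
    static List<String> resolve(String keyAlgorithmsAllowed) {
        if (keyAlgorithmsAllowed == null || keyAlgorithmsAllowed.trim().isEmpty()) {
            return prioritizeSshRsa(DEFAULTS);
        }
        List<String> selected = new ArrayList<>();
        for (String name : keyAlgorithmsAllowed.split(",")) {
            String trimmed = name.trim();
            if (DEFAULTS.contains(trimmed) && !selected.contains(trimmed)) {
                selected.add(trimmed);
            }
        }
        if (selected.isEmpty()) {
            throw new IllegalArgumentException("No supported key algorithms in: " + keyAlgorithmsAllowed);
        }
        return selected;
    }

    public static void main(String[] args) {
        System.out.println("unset:    " + resolve(null));
        System.out.println("override: " + resolve("rsa-sha2-512, rsa-sha2-256"));
    }
}
```

The override case shows how an explicit Key Algorithms Allowed value can leave ssh-rsa, which signs with SHA-1, out of the offer entirely when every server in scope supports rsa-sha2.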