  1. MINA SSHD
  2. SSHD-1104

Fix Client Side Support for RFC 8332 rsa-sha2-256, rsa-sha2-512 public key authentication


Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.5.1
    • 2.6.0
    • None

    Description

      The readme on the client-side support for RFC 8332 is misleading. It implies that the client side just requires specific initialization, so the impression is that either setting the kex extension handler or signature factories should get the client to be able to use public key authentication using rsa-sha2-256 or rsa-sha2-512.

      However, after removing the ssh-rsa signature factory and encountering an error, I noticed that in UserAuthPublicKey and KeyPairIdentity the signature algo (P. K. Alg. Name) is always set to be the key type (P. K. Format), which will always be ssh-rsa, i.e. algo = KeyUtils.getKeyType(getPublicKey()), so P. K. Alg. Name always equals P. K. Format, and it doesn't make calls to KeyUtils.getAllEquivalentKeyTypes or check the configured signature factories.

      Getting this to work required overriding UserAuthPublicKey, UserAuthPublicKeyFactory and awkward handling of the KeyPairIdentity/PublicKeyIdentity for signing, which was more than what I expected.
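
      The difference between the key format and the signature algorithm name that the description refers to, shown as an added example using only the JDK (it is not MINA SSHD code and not part of the issue). The class name, the server-sig-algs list, the user name and the all-zero session id are constructed for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.*;

public class Rfc8332Demo {
    // Signature algorithms this client allows, in preference order; "ssh-rsa" (SHA-1) is left out
    static final List<String> ALLOWED = List.of("rsa-sha2-512", "rsa-sha2-256");
    static final Map<String, String> JCA = Map.of("rsa-sha2-512", "SHA512withRSA", "rsa-sha2-256", "SHA256withRSA");

    // SSH wire encoding: Integer -> one byte, String/byte[] -> uint32 length + bytes
    static byte[] encode(Object... fields) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        for (Object f : fields) {
            if (f instanceof Integer) { out.writeByte((Integer) f); continue; }
            byte[] b = f instanceof String ? ((String) f).getBytes(StandardCharsets.US_ASCII) : (byte[]) f;
            out.writeInt(b.length);
            out.write(b);
        }
        return buf.toByteArray();
    }

    // First allowed algorithm that the server listed in server-sig-algs
    static String chooseAlgorithm(List<String> serverSigAlgs) {
        return ALLOWED.stream().filter(serverSigAlgs::contains).findFirst()
            .orElseThrow(() -> new IllegalStateException("no common RSA signature algorithm"));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed throwaway key
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        // Key format: the blob says "ssh-rsa" whichever hash is used to sign
        byte[] blob = encode("ssh-rsa", pub.getPublicExponent().toByteArray(), pub.getModulus().toByteArray());
        // Algorithm name: chosen separately (constructed server-sig-algs list)
        String algo = chooseAlgorithm(List.of("ssh-rsa", "rsa-sha2-256", "rsa-sha2-512"));
        // RFC 4252 section 7 data to sign; session id and user name are constructed
        byte[] toSign = encode(new byte[32], 50, "demo", "ssh-connection", "publickey", 1, algo, blob);
        Signature s = Signature.getInstance(JCA.get(algo));
        s.initSign(kp.getPrivate());
        s.update(toSign);
        byte[] sigBlob = encode(algo, s.sign()); // signature blob repeats the algorithm name
        System.out.println("P. K. Format    : " + new String(blob, 4, 7, StandardCharsets.US_ASCII));
        System.out.println("P. K. Alg. Name : " + new String(sigBlob, 4, algo.length(), StandardCharsets.US_ASCII));
    }
}
```

      With the constructed server list, the blob still carries ssh-rsa as its format while the request and the signature blob carry rsa-sha2-512.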

            People

              lgoldstein Lyor Goldstein
              justintay Justin Tay