[SSHD-1105] Use all possible signatures for a public key type in public key authentication - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.1
Fix Version/s: 2.7.0
Labels:
None

Description

The current code iterates over the keys the user provided and then attempts to find a single matching signature factory. However, for some key types (e.g., RSA) there is more than one possible signature - e.g., ssh-rsa, rsa-sha2-256, rsa-sha2-512. The code should try all matching signature factories in the same order as the user defined them.

Pseudo code

for (KeyPair kp : userKeys) {
    Collection<String> aliases = KeyUtils.getAllKeyTypeAliases(kp);
    for (SignatureFactory factory : userSignatures) {
          // NOTE: need to check how not to confuse ...-cert@openssh,com.. key type aliases
          if (aliases.contains(factory.getName()) {
               tryPublicKeyAuth(factory, kp);
          }
    }
}

Attachments

Issue Links

is duplicated by

SSHD-1154 userauth_pubkey: unsupported public key algorithm: rsa-sha2-512

Resolved

relates to

SSHD-1104 Fix Client Side Support for RFC 8332 rsa-sha2-256, rsa-sha2-512 public key authentication

Resolved

Activity

People

Assignee:: Thomas Wolf

Reporter:: Lyor Goldstein

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 23/Nov/20 16:51

Updated:: 20/May/21 12:44

Resolved:: 24/Mar/21 08:07

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 40m