You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Lyor Goldstein (Jira)" <ji...@apache.org> on 2022/03/04 16:12:00 UTC

[jira] [Commented] (SSHD-1251) question about Key Exchange algorithm for apache sshd

    [ https://issues.apache.org/jira/browse/SSHD-1251?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17501413#comment-17501413 ] 

Lyor Goldstein commented on SSHD-1251:
--------------------------------------

I strongly recommend reading the relevant SSH standards as this is exactly what MINA SSHD implements - as well as the project's own [documentation|https://github.com/apache/mina-sshd] (where you will also find references to the SSH RFCs). But to give you a brief answer:
{quote}what is the default and preferred key exchange algorithm used at server end when connection happened?
{quote}
There is no such thing as "default" and "preferred" (at least not in the sense of this question). During the key exchange phase (KEX) both client and server provide an +ordered+ list of their preferences and then a choice is made (see [RFC 4253 section 7|https://datatracker.ietf.org/doc/html/rfc4253#section-7]). 
{quote}is cross keys connection possible ?(like server having ECDSA key and in client remote profile RSA key is configured. can connection between this two keys possible.it works fine if same key mentioned at both end).
{quote}
The answer is complicated - however, to make it simple - no, cross keys are not possible (though under certain conditions it is possible, but maybe not the way you meant it).
{quote}
is there any way to set the preferred key algorithm during connection?
{quote}
See my previous answer. More specifically, one can set up +global defaults+ on the {{{}SshServer/Client{}}}, and at the same time override these defaults for specific sessions - please read the documentation though for the exact details. However, just because something is possible, it is not always a good idea. I recommend you avoid this unless you have a special use-case.

As I said, please read the RFC(s) and the project's documentation for details

> question about Key Exchange algorithm for apache sshd
> -----------------------------------------------------
>
>                 Key: SSHD-1251
>                 URL: https://issues.apache.org/jira/browse/SSHD-1251
>             Project: MINA SSHD
>          Issue Type: Question
>            Reporter: Ravindra
>            Priority: Major
>
> Hello Apache Team/Contributor,
> regarding to key exchange algorithm have below some question.
>  # what is the default and preferred key exchange algorithm used at server end when connection happened?
>  # is cross keys connection possible ?(like server having ECDSA key and in client remote profile RSA key is configured. can connection between this two keys possible.it works fine if same key mentioned at both end).
>  # is there any way to set the preferred key algorithm during connection?
>  
> please help me on this issue.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org