Posted to dev@mina.apache.org by "James Nord (Jira)" <ji...@apache.org> on 2022/04/22 12:28:00 UTC

[jira] [Created] (SSHD-1264) different host key algorithm used on rekey than used for the initial connection

James Nord created SSHD-1264:
--------------------------------

             Summary: different host key algorithm used on rekey than used for the initial connection
                 Key: SSHD-1264
                 URL: https://issues.apache.org/jira/browse/SSHD-1264
             Project: MINA SSHD
          Issue Type: Bug
    Affects Versions: 2.8.0
            Reporter: James Nord


When using mina as an ssh client to connect to an OpenSSH server, the host key that is negotiated on the initial connection can have a different algorithm than the one used in a rekey.

This causes an issue as connections can be terminated if the initial host key type is in the known hosts (say ecdsa) but the subsequent one (rsa) is not.

Once connected, the same host key algorithm should be used in any subsequent re-key events.

(see log attached from SSHD)

Note: this is easyish to see by setting the opensshd server config `RekeyLimit default 10`, which will cause a rekey after 10 seconds on a data event.

e.g.
{noformat}
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: host key algorithm: rsa-sha2-512
{noformat}

shows the flop from an agreed exchange of {{ecdsa-sha2-nistp256}} to {{rsa-sha2-512}}



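A check for the condition this report describes, as an added example that is not part of the original message or of MINA SSHD: it reads a single-connection sshd debug log and flags any rekey whose host key algorithm maps to a different key type than the initial exchange, and reports whether known_hosts holds that type. The log excerpt, the host name `ssh.example.test` and the known_hosts entry are constructed samples, and the function names are hypothetical.

```python
import re

# RFC 8332: rsa-sha2-256 and rsa-sha2-512 are signature algorithms over an
# "ssh-rsa" key, so known_hosts records that key under the type "ssh-rsa".
SIG_TO_KEY_TYPE = {"rsa-sha2-256": "ssh-rsa", "rsa-sha2-512": "ssh-rsa"}
KEX_LINE = re.compile(r"debug1: kex: host key algorithm: (\S+)")

def key_type(algorithm):
    """Map a negotiated host key algorithm to the key type known_hosts stores."""
    return SIG_TO_KEY_TYPE.get(algorithm, algorithm)

def known_key_types(known_hosts_text, host):
    """Key types stored for host (plain entries only; hashed, @marker and comment lines are skipped)."""
    types = set()
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        if host in fields[0].split(","):
            types.add(fields[1])
    return types

def find_rekey_switches(debug_log, trusted_types):
    """Flag rekeys whose host key type differs from the first key exchange in the log."""
    algorithms = KEX_LINE.findall(debug_log)
    findings = []
    for n, alg in enumerate(algorithms[1:], start=1):
        if key_type(alg) != key_type(algorithms[0]):
            findings.append({"rekey": n, "initial": algorithms[0], "rekey_alg": alg,
                             "in_known_hosts": key_type(alg) in trusted_types})
    return findings

# Constructed sample: one connection's sshd debug output and one known_hosts entry.
SAMPLE_LOG = """\
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: rekey in after 10 seconds
debug1: kex: host key algorithm: rsa-sha2-512
"""
SAMPLE_KNOWN_HOSTS = "ssh.example.test ecdsa-sha2-nistp256 AAAAconstructedplaceholder\n"

if __name__ == "__main__":
    trusted = known_key_types(SAMPLE_KNOWN_HOSTS, "ssh.example.test")
    for f in find_rekey_switches(SAMPLE_LOG, trusted):
        print(f)
```

A switch between `rsa-sha2-256` and `rsa-sha2-512` is not flagged, because both verify against the same `ssh-rsa` entry.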