You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "James Nord (Jira)" <ji...@apache.org> on 2022/04/22 12:28:00 UTC
[jira] [Created] (SSHD-1264) different host key algorithm used on rekey than used for the initial connection
James Nord created SSHD-1264:
--------------------------------
Summary: different host key algorithm used on rekey than used for the initial connection
Key: SSHD-1264
URL: https://issues.apache.org/jira/browse/SSHD-1264
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 2.8.0
Reporter: James Nord
when using mina as an ssh client to connect to an open ssh server the host key that is negotiated on the initial connection can have a different algorithm than the one used in a rekey.
This causes an issue as connections can be terminated if the initial host key type is in the known hosts, (say ecdsa) but the subsequent on (rsa) is not.
once connected the same host key algorithm should be used in any subsequent re-key events.
(see log attached from SSHD)
Note: this is easyish to see by setting opensshd server config `RekeyLimit default 10` which will cause a rekey after 10 seconds on a data event.
e.g.
{noformat}
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: host key algorithm: rsa-sha2-512 {noformat}
shows the flop from an agreed exchange of {{ecdsa-sha2-nistp256}} to {{rsa-sha2-512}}
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org