Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/10/03 22:33:00 UTC

[jira] [Updated] (NIFI-10586) Prioritize ssh-rsa Key Algorithm in SFTP Processors

     [ https://issues.apache.org/jira/browse/NIFI-10586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann updated NIFI-10586:
------------------------------------
    Status: Patch Available  (was: In Progress)

> Prioritize ssh-rsa Key Algorithm in SFTP Processors
> ---------------------------------------------------
>
>                 Key: NIFI-10586
>                 URL: https://issues.apache.org/jira/browse/NIFI-10586
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.16.1, 1.17.0
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>
> SSHJ 0.33.0 included changes to depend on the Key Algorithms configuration property to determine supported RSA algorithms for public key authentication. [SSHJ PR 742|https://github.com/hierynomus/sshj/pull/742] standardized this configuration, which prioritizes {{rsa-sha2-256}} and {{rsa-sha2-512}} before the legacy {{ssh-rsa}} algorithm. [SSHJ PR 763|https://github.com/hierynomus/sshj/pull/763] introduced additional changes to try all configured RSA algorithms, but it depends on the server indicating support for retrying public key authentication after initial failures.
> To maintain wider compatibility, the Apache NiFi SSH default configuration should be adjusted to prioritize {{ssh-rsa}} before {{rsa-sha2}} algorithms, using the method implemented in SSHJ 0.33.0 PR 742. This prioritization should be enabled in the default SFTP Processor configuration where the {{Key Algorithms Allowed}} property is not specified. Overriding the {{Key Algorithms Allowed}} property should continue to support custom algorithm and selection with defined prioritization.



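The ordering problem described in the issue, as an added Python model that is not NiFi or SSHJ code: it shows why the position of `ssh-rsa` in the key algorithm list decides whether RSA public key authentication succeeds against a server that accepts only `ssh-rsa` and does not allow a retry. The function names, the sample algorithm list, the comma-separated form of the `Key Algorithms Allowed` value and the simplified retry behaviour are assumptions made for illustration.

```python
# Simplified model (added example); names below are hypothetical, not SSHJ or NiFi APIs.
RSA_SHA2 = ("rsa-sha2-256", "rsa-sha2-512")
SSH_RSA = "ssh-rsa"

# Constructed sample ordering with rsa-sha2 ahead of ssh-rsa; not SSHJ's real default list.
SAMPLE_DEFAULT = ["ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]


def prioritize_ssh_rsa(algorithms):
    """Return a copy with ssh-rsa moved directly ahead of the first rsa-sha2 entry."""
    ordered = list(algorithms)
    sha2_positions = [i for i, name in enumerate(ordered) if name in RSA_SHA2]
    if SSH_RSA not in ordered or not sha2_positions:
        return ordered
    if ordered.index(SSH_RSA) < sha2_positions[0]:
        return ordered  # already prioritized
    ordered.remove(SSH_RSA)
    ordered.insert(sha2_positions[0], SSH_RSA)
    return ordered


def effective_key_algorithms(key_algorithms_allowed=None, default=SAMPLE_DEFAULT):
    """Property unset: prioritized default. Property set: the operator's order, unchanged."""
    if key_algorithms_allowed and key_algorithms_allowed.strip():
        return [n.strip() for n in key_algorithms_allowed.split(",") if n.strip()]
    return prioritize_ssh_rsa(default)


def rsa_publickey_auth(client_algorithms, server_accepted, server_allows_retry):
    """Return the RSA algorithm that authenticates in this model, or None on failure."""
    candidates = [n for n in client_algorithms if n == SSH_RSA or n in RSA_SHA2]
    for attempt, name in enumerate(candidates):
        if attempt > 0 and not server_allows_retry:
            return None  # first attempt failed and the server offers no retry
        if name in server_accepted:
            return name
    return None


if __name__ == "__main__":
    legacy_server = {"ssh-rsa"}  # constructed: server that accepts only ssh-rsa signatures
    for label, algorithms in (("rsa-sha2 first", SAMPLE_DEFAULT),
                              ("ssh-rsa first", effective_key_algorithms())):
        for retry in (False, True):
            result = rsa_publickey_auth(algorithms, legacy_server, retry)
            print(f"{label:15} retry={retry!s:5} -> {result}")
```

In this model a server that accepts both RSA families authenticates with `ssh-rsa` under the prioritized default; passing an explicit list with `rsa-sha2` entries first keeps the operator's order.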