You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Justin Tay (Jira)" <ji...@apache.org> on 2020/11/20 03:58:00 UTC

[jira] [Created] (SSHD-1104) Improve Client Side Support for RFC 8332 rsa-sha2-256, rsa-sha2-512 public key authentication

Justin Tay created SSHD-1104:
--------------------------------

             Summary: Improve Client Side Support for RFC 8332 rsa-sha2-256, rsa-sha2-512 public key authentication
                 Key: SSHD-1104
                 URL: https://issues.apache.org/jira/browse/SSHD-1104
             Project: MINA SSHD
          Issue Type: Improvement
    Affects Versions: 2.5.1
            Reporter: Justin Tay


The readme on the client side support for RFC 8332 is misleading. It implies that the client side just requires specific initialization so the impression is that either setting the kex extension handler or signature factories should get the client to be able to use public key authentication using rsa-sha2-256 or rsa-sha2-512.

However after removing the ssh-rsa signature factory and encountering an error I noticed that in UserAuthPublicKey and KeyPairIdentity the signature algo (P. K. Alg. Name) is always set to be the key type (P. K. Format) which will always be ssh-rsa ie. algo = KeyUtils.getKeyType(getPublicKey()) so P. K. Alg. Name always equals P. K. Format and doesn't make calls to KeyUtils.getAllEquivalentKeyTypes or check the configured signature factories.

Getting this to work required overriding UserAuthPublicKey, UserAuthPublicKeyFactory and awkward handling of the KeyPairIdentity/PublicKeyIdentity for signing which was more than what I expected.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org