You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "tomaswolf (via GitHub)" <gi...@apache.org> on 2023/04/09 17:26:43 UTC

[GitHub] [mina-sshd] tomaswolf commented on issue #317: How do I force the use of "RSA key" to connect to the remote side?

tomaswolf commented on issue #317:
URL: https://github.com/apache/mina-sshd/issues/317#issuecomment-1501175912

   If you're trying to configure an OpenSSH server: its config file is normally `/etc/ssh/sshd_config`.
   
   If it's an Apache MINA sshd server, set it in whatever config file it reads, if any, or configure it in the code via `SshServer.setKeyPairProvider()`.
   
   If you're trying to configure an Apache MINA sshd client: first, make sure that it does read the file and does something with the HostKeyAlgorithms setting. (I don't think it does.) In Java code, you could create your own `ClientSessionImpl` subclass and override `resolveAvailableSignaturesProposal()` to return the algorithms you want.
   
   BTW, I would recommend to set at least `rsa-sha2-512,rsa-sha2-256,ssh-rsa`. "ssh-rsa" is deprecated because it uses the cryptographically unsafe SHA1 hash. (RSA keys are fine, just this key exchange algorithm isn't.)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org