You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Lyor Goldstein (Jira)" <ji...@apache.org> on 2020/11/20 06:42:00 UTC
[jira] [Updated] (SSHD-1104) Fix Client Side Support for RFC 8332
rsa-sha2-256, rsa-sha2-512 public key authentication
[ https://issues.apache.org/jira/browse/SSHD-1104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lyor Goldstein updated SSHD-1104:
---------------------------------
Issue Type: Bug (was: Improvement)
> Fix Client Side Support for RFC 8332 rsa-sha2-256, rsa-sha2-512 public key authentication
> -----------------------------------------------------------------------------------------
>
> Key: SSHD-1104
> URL: https://issues.apache.org/jira/browse/SSHD-1104
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.5.1
> Reporter: Justin Tay
> Priority: Minor
>
> The readme on the client side support for RFC 8332 is misleading. It implies that the client side just requires specific initialization so the impression is that either setting the kex extension handler or signature factories should get the client to be able to use public key authentication using rsa-sha2-256 or rsa-sha2-512.
> However after removing the ssh-rsa signature factory and encountering an error I noticed that in UserAuthPublicKey and KeyPairIdentity the signature algo (P. K. Alg. Name) is always set to be the key type (P. K. Format) which will always be ssh-rsa ie. algo = KeyUtils.getKeyType(getPublicKey()) so P. K. Alg. Name always equals P. K. Format and doesn't make calls to KeyUtils.getAllEquivalentKeyTypes or check the configured signature factories.
> Getting this to work required overriding UserAuthPublicKey, UserAuthPublicKeyFactory and awkward handling of the KeyPairIdentity/PublicKeyIdentity for signing which was more than what I expected.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org