Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2019/02/14 08:53:00 UTC

[jira] [Comment Edited] (SSHD-895) Add support for RSA + SHA-256/512 keys

    [ https://issues.apache.org/jira/browse/SSHD-895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16768007#comment-16768007 ] 

Goldstein Lyor edited comment on SSHD-895 at 2/14/19 8:52 AM:
--------------------------------------------------------------

Consider publishing the {{rsa-sha2-*}} support on the server-side as default behavior - NOTE:
{quote}
Servers that accept rsa-sha2-* signatures for client authentication
SHOULD implement the extension negotiation mechanism defined in
[RFC8308], including especially the "server-sig-algs" extension.
{quote}

In this context, it is worth noting that the recommended preferred algorithms order is
{quote}
    ecdsa-sha2-nistp256-cert-v01@openssh.com,
    ecdsa-sha2-nistp384-cert-v01@openssh.com,
    ecdsa-sha2-nistp521-cert-v01@openssh.com,
    ssh-ed25519-cert-v01@openssh.com,
    rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
    ssh-rsa-cert-v01@openssh.com,
    ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
    ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
{quote}
i.e., the "legacy" RSA comes *after* the {{rsa-sha2-*}} ones


was (Author: lgoldstein):
Consider publishing the {{rsa-sha2-*}} support on the server-side as default behavior - NOTE:
{quote}
Servers that accept rsa-sha2-* signatures for client authentication
SHOULD implement the extension negotiation mechanism defined in
[RFC8308], including especially the "server-sig-algs" extension.
{quote}

> Add support for RSA + SHA-256/512 keys
> --------------------------------------
>
>                 Key: SSHD-895
>                 URL: https://issues.apache.org/jira/browse/SSHD-895
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.3.0
>            Reporter: Goldstein Lyor
>            Priority: Major
>
> See https://tools.wordtothewise.com/rfc/rfc8332 - *Note:*
> {quote}
> Servers that accept rsa-sha2-* signatures for client authentication
> SHOULD implement the extension negotiation mechanism defined in
> [RFC8308], including especially the "server-sig-algs" extension.
> {quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
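
The negotiation discussed in the comment above, as an added example that is not part of the original message and is not MINA SSHD code: a client parses the RFC 8308 SSH_MSG_EXT_INFO payload, reads "server-sig-algs", and picks the signature algorithm for an RSA key in the quoted order, so the SHA-1 based ssh-rsa is used only when nothing stronger is advertised. All function names are hypothetical, the sample packets are constructed, and the fallback to ssh-rsa when the extension is absent is a policy assumption.

```python
import struct

SSH_MSG_EXT_INFO = 7  # message number assigned by RFC 8308
# Plain (non-certificate) RSA entries, in the order quoted in the comment above.
RSA_PREFERENCE = ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]

def _read_string(buf, off):
    """Read an SSH 'string' (uint32 length + bytes); return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string runs past end of packet")
    return buf[off + 4:end], end

def parse_ext_info(payload):
    """Parse an SSH_MSG_EXT_INFO payload into {extension-name: raw value}."""
    if len(payload) < 5 or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO message")
    (count,) = struct.unpack_from(">I", payload, 1)
    off, exts = 5, {}
    for _ in range(count):
        name, off = _read_string(payload, off)
        value, off = _read_string(payload, off)
        exts[name.decode("ascii")] = value
    return exts

def choose_rsa_sig_alg(exts):
    """Pick the signature algorithm for an RSA key from server-sig-algs."""
    raw = exts.get("server-sig-algs")
    if raw is None:
        return "ssh-rsa"  # extension absent: legacy fallback (assumed policy)
    offered = set(raw.decode("ascii").split(","))  # value is a name-list
    for alg in RSA_PREFERENCE:
        if alg in offered:
            return alg
    return None  # server advertises no RSA signature algorithm at all

def build_ext_info(exts):
    """Constructed sample input: encode extensions as a server would send them."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    body = b"".join(s(k.encode()) + s(v.encode()) for k, v in exts.items())
    return bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", len(exts)) + body
```

A server that omits rsa-sha2-* from "server-sig-algs", or does not send the extension, leaves such a client on ssh-rsa, which is the case the comment's suggested default is meant to avoid.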