[
https://issues.apache.org/jira/browse/SSHD-895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17086449#comment-17086449
]
FliegenKLATSCH commented on SSHD-895:
-------------------------------------
I don't understand the reason for not enabling rsaSHA512 and rsaSHA256 per
default. Could you enlighten me?
Does the comment
{code:java}
Implementation experience has shown that there are servers that apply
authentication penalties to clients attempting public key algorithms
that the SSH server does not support.{code}
apply, if we first negotiate the algorithm with the server?
I understand it the way that there are penalties if the client just tries an
algorithm which was not negotiated?
And I am not sure if the client would try a sha2 variant if the negotiated
algorithm is `ssh-rsa`?
> Add support for RSA + SHA-256/512 signatures
> --------------------------------------------
>
> Key: SSHD-895
> URL: https://issues.apache.org/jira/browse/SSHD-895
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 2.3.0
> Reporter: Lyor Goldstein
> Assignee: Lyor Goldstein
> Priority: Major
> Fix For: 2.3.0
>
>
> See https://tools.ietf.org/html/rfc8332 - *Note:*
> {quote}
> Servers that accept rsa-sha2-* signatures for client authentication
> SHOULD implement the extension negotiation mechanism defined in
> [RFC8308], including especially the "server-sig-algs" extension.
> {quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
