[
https://issues.apache.org/jira/browse/SSHD-895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17086503#comment-17086503
]
Lyor Goldstein commented on SSHD-895:
-------------------------------------
The comment simply says that there are servers that refuse to authenticate if
the public key algorithms listed by the clients are not supported by the
server. In other words, even if eventually the negotiated algorithm would be
`ssh-rsa` some servers refuse to authenticate if the client lists algorithms
they do not support. It contradicts SSH protocol behavior of course, but we
want the default settings of MINA SSHD to provide the widest possible support -
which means the most common "denominator".
> Add support for RSA + SHA-256/512 signatures
> --------------------------------------------
>
> Key: SSHD-895
> URL: https://issues.apache.org/jira/browse/SSHD-895
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 2.3.0
> Reporter: Lyor Goldstein
> Assignee: Lyor Goldstein
> Priority: Major
> Fix For: 2.3.0
>
>
> See https://tools.ietf.org/html/rfc8332 - *Note:*
> {quote}
> Servers that accept rsa-sha2-* signatures for client authentication
> SHOULD implement the extension negotiation mechanism defined in
> [RFC8308], including especially the "server-sig-algs" extension.
> {quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
