Justin Tay created SSHD-1104:
--------------------------------
Summary: Improve Client Side Support for RFC 8332 rsa-sha2-256,
rsa-sha2-512 public key authentication
Key: SSHD-1104
URL: https://issues.apache.org/jira/browse/SSHD-1104
Project: MINA SSHD
Issue Type: Improvement
Affects Versions: 2.5.1
Reporter: Justin Tay

The readme on the client side support for RFC 8332 is misleading. It implies
that the client side just requires specific initialization, so the impression is
that either setting the kex extension handler or signature factories should get
the client to be able to use public key authentication using rsa-sha2-256 or
rsa-sha2-512.

However, after removing the ssh-rsa signature factory and encountering an error,
I noticed that in UserAuthPublicKey and KeyPairIdentity the signature algo
(P. K. Alg. Name) is always set to be the key type (P. K. Format), which will
always be ssh-rsa, i.e. algo = KeyUtils.getKeyType(getPublicKey()), so
P. K. Alg. Name always equals P. K. Format, and it doesn't make calls to
KeyUtils.getAllEquivalentKeyTypes or check the configured signature factories.

Getting this to work required overriding UserAuthPublicKey,
UserAuthPublicKeyFactory and awkward handling of the
KeyPairIdentity/PublicKeyIdentity for signing, which was more than what I
expected.
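
Added example (not MINA SSHD code and not from the reporter): a JDK-only Java program showing the RFC 8332 distinction the report describes, where the public key blob keeps the format "ssh-rsa" while the algorithm name used for signing is chosen from the names enabled on the client and advertised by the server. The class name, selectAlg, putString, ascii, RSA_SIG_ALGS and the algorithm lists passed in main are hypothetical or constructed for this illustration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.*;
public class Rfc8332Example {
    // RFC 8332 names usable with an "ssh-rsa" format key, strongest first, with their JCA names.
    static final String[][] RSA_SIG_ALGS = {
        {"rsa-sha2-512", "SHA512withRSA"}, {"rsa-sha2-256", "SHA256withRSA"}, {"ssh-rsa", "SHA1withRSA"}};

    // Hypothetical helper: pick the P.K. Alg. Name as the first name enabled on the client
    // and, if the server sent server-sig-algs (non-null), also advertised by the server.
    static String[] selectAlg(Collection<String> clientEnabled, Collection<String> serverSigAlgs) {
        for (String[] alg : RSA_SIG_ALGS) {
            if (clientEnabled.contains(alg[0]) && (serverSigAlgs == null || serverSigAlgs.contains(alg[0]))) {
                return alg;
            }
        }
        throw new IllegalStateException("no mutually supported RSA signature algorithm");
    }

    // SSH "string": uint32 big-endian length followed by the bytes (RFC 4251).
    static void putString(ByteArrayOutputStream out, byte[] v) {
        int n = v.length;
        out.write(n >>> 24); out.write(n >>> 16); out.write(n >>> 8); out.write(n);
        out.write(v, 0, n);
    }
    static byte[] ascii(String s) { return s.getBytes(StandardCharsets.US_ASCII); }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key for the demo
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        ByteArrayOutputStream blob = new ByteArrayOutputStream();
        putString(blob, ascii("ssh-rsa")); // P.K. Format stays "ssh-rsa" for every RSA hash
        putString(blob, pub.getPublicExponent().toByteArray()); // mpint e
        putString(blob, pub.getModulus().toByteArray());        // mpint n
        // Constructed inputs: ssh-rsa removed on the client, server advertises rsa-sha2-256.
        String[] alg = selectAlg(List.of("rsa-sha2-512", "rsa-sha2-256"),
                List.of("rsa-sha2-256", "ssh-ed25519"));
        Signature signer = Signature.getInstance(alg[1]);
        signer.initSign(kp.getPrivate());
        signer.update(ascii("constructed stand-in for the data to be signed"));
        ByteArrayOutputStream sig = new ByteArrayOutputStream();
        putString(sig, ascii(alg[0])); // signature blob names the hash-specific algorithm
        putString(sig, signer.sign());
        System.out.println("P.K. Format = ssh-rsa, P.K. Alg. Name = " + alg[0] + ", blob " + blob.size() + " B");
    }
}
```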