[
https://issues.apache.org/jira/browse/SSHD-1141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17305417#comment-17305417
]
Thomas Wolf commented on SSHD-1141:
-----------------------------------
See [PR 184|https://github.com/apache/mina-sshd/pull/184] for the client side.
Didn't look at the server side.
For the client, it'd be even an option to install a
{{DefaultClientKexExtensionHandler}} always by default.
{quote}
3. On reception of server-sig-algs, update the client's
PubkeyAcceptedAlgorithms for this session in ways I didn't analyze.
{quote}
The new code just reorders the client's {{PubKeyAcceptedAlgorithms}} as
described above and in the commit message. I have the impression the old code
even added new algorithms that were not configured on the client, but announced
as supported by the server, if an implementation was available. That is IMO
wrong, too. The client defines what algorithms it wants to use; the server has
no say in that. Note that users can normally define the algorithms to use by
the client in the ssh config, key {{PubkleyAcceptedAlgorithms}} (formerly
{{PubkeyAcceptedKeyTypes}}).
> Implement server-sig-algs
> -------------------------
>
> Key: SSHD-1141
> URL: https://issues.apache.org/jira/browse/SSHD-1141
> Project: MINA SSHD
> Issue Type: Improvement
> Reporter: Ian Wienand
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Mina sshd should implement server-sig-algs to report signature algorithms.
> Without the daemon sending server-sig-algs, clients fall back to ssh-rsa per
> RFC8332
> {quote}When authenticating with an RSA key against a server that does not
> implement the "server-sig-algs" extension, clients MAY default to an
> "ssh-rsa" signature to avoid authentication penalties.
> {quote}
> Some distributions, notably Fedora 33, have set default system policy to
> disallow insecure algorithms such as ssh-rsa. They thus can not find a
> suitable signature algorithm and fail to log in. Quite a high level of
> knowledge is required to override the default system cryptography policy, and
> it can be quite confusing because the user's ssh-key works in many other
> contexts (against openssh servers, etc.). For full details see discussion in
> SSHD-1118.
> For example, connecting to a recent openssh server I see something like
> {quote}debug1: kex_input_ext_info:
> server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected]>
> {quote}
> I believe that Mina SSHD does support these more secure signature algorithms,
> but because they aren't reported the client won't use them.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
