[jira] [Work logged] (SSHD-1105) Use all possible signatures for a public key type in public key authentication

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/SSHD-1105?focusedWorklogId=570554&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-570554
 ]

ASF GitHub Bot logged work on SSHD-1105:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 23/Mar/21 15:36
            Start Date: 23/Mar/21 15:36
    Worklog Time Spent: 10m 
      Work Description: lgoldstein commented on pull request #183:
URL: https://github.com/apache/mina-sshd/pull/183#issuecomment-805003946


   > Is the client-side handling of SSH2_MSG_EXT_INFO server-sig-algs existing 
already somewhere?
   
   Not to my knowledge - when we introduced this feature it was left to the 
user to implement it. There is the `DefaultClientKexExtensionHandler` of 
course, but I don't think it is complete or even works as expected.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 570554)
    Time Spent: 50m  (was: 40m)

> Use all possible signatures for a public key type in public key authentication
> ------------------------------------------------------------------------------
>
>                 Key: SSHD-1105
>                 URL: https://issues.apache.org/jira/browse/SSHD-1105
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.5.1
>            Reporter: Lyor Goldstein
>            Priority: Minor
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> The current code iterates over the keys the user provided and then attempts 
> to find a +single+ matching signature factory.  However, for some key types 
> (e.g., RSA) there is more than one possible signature - e.g., {{ssh-rsa, 
> rsa-sha2-256, rsa-sha2-512}}. The code should try +all+ matching signature 
> factories in the same +order+ as the user defined them.
> {code:java|title=Pseudo code}
> for (KeyPair kp : userKeys) {
>     Collection<String> aliases = KeyUtils.getAllKeyTypeAliases(kp);
>     for (SignatureFactory factory : userSignatures) {
>           // NOTE: need to check how not to confuse ...-cert@openssh,com.. 
> key type aliases
>           if (aliases.contains(factory.getName()) {
>                tryPublicKeyAuth(factory, kp);
>           }
>     }
> }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org