tomaswolf opened a new pull request #185: URL: https://github.com/apache/mina-sshd/pull/185
SSH_MSG_USERAUTH_PK_OK is supposed to say "the server will accept the key and signature algorithm the client sent in the previous SSH_MSG_USERAUTH_REQUEST message". It is _not_ intended as a mechanism for the server to override the client's choice of algorithm. See RFC 4252.[1] Just log a warning if a server sends back an unexpected "algorithm". (Github's SSH-2.0-babeld-383743ad was found to reply "ssh-rsa" even if the client requested "rsa-sha2-512" and the server had previously announced via server-sig-algs that it supports rsa-sha2-512. Subsequent authentication with rsa-sha2-512 then still works.) Of course the returned public key must still match exactly. The client always uses the signature algorithm that it had announced it would use. [1] https://tools.ietf.org/html/rfc4252#page-9 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
