tomaswolf commented on pull request #119:
URL: https://github.com/apache/mina-sshd/pull/119#issuecomment-835878115


   Looking deeper into the Apache MINA sshd code, I think the problem is in `UserAuthPublicKey.appendSignature()`:
   
   ```
           bs.putByte(SshConstants.SSH_MSG_USERAUTH_REQUEST);
           bs.putString(username);
           bs.putString(service);
           bs.putString(name);
           bs.putBoolean(true);
           bs.putString(algo); // <-- This should be the key type
           bs.putPublicKey(key);
   
           byte[] contents = bs.getCompactData();
           byte[] sig;
           try {
               Map.Entry<String, byte[]> result = current.sign(session, algo, contents);
               String factoryName = result.getKey();
               // An RSA -cert... signature generates a ssh-rsa, rsa-sha2-256, or rsa-sha2-256 signature,
               // so this check may not make sense?
               ValidateUtils.checkState(algo.equalsIgnoreCase(factoryName),
                       "Mismatched signature type generated: requested=%s, used=%s", algo, factoryName);
               sig = result.getValue();
           } catch (Error e) {
               warn("appendSignature({})[{}][{}] failed ({}) to sign contents using {}: {}",
                       session, service, name, e.getClass().getSimpleName(), algo, e.getMessage(), e);
               throw new RuntimeSshException(e);
           }
   
           // Trace logging omitted here
   
           bs.clear();
           // <-- But here we should have the signature algorithm name, shouldn't we?
           bs.putString(algo);
           bs.putBytes(sig);
   ```


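Added example, not part of the comment above and not Apache MINA sshd code: a stand-alone Java sketch of the naming question the comment raises, building an SSH signature blob for a plain RSA algorithm name and for an OpenSSH certificate algorithm name and comparing the name inside the blob with the requested one. The class and helper names are hypothetical, the signed bytes are a constructed stand-in, and the suffix-stripping rule is an assumption based on the OpenSSH certificate naming scheme for RSA.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Map;

public class CertSignatureNames { // hypothetical class, not part of Apache MINA sshd
    static final String CERT_SUFFIX = "-cert-v01@openssh.com"; // OpenSSH certificate key types
    // SSH RSA signature algorithm name -> JCA algorithm name
    static final Map<String, String> JCA = Map.of(
            "ssh-rsa", "SHA1withRSA", "rsa-sha2-256", "SHA256withRSA", "rsa-sha2-512", "SHA512withRSA");

    // Assumption: the name inside the signature blob is the requested name minus the cert suffix.
    static String signatureName(String requested) {
        return requested.endsWith(CERT_SUFFIX)
                ? requested.substring(0, requested.length() - CERT_SUFFIX.length()) : requested;
    }

    // SSH "string": uint32 big-endian length, then the bytes.
    static void putString(ByteArrayOutputStream out, byte[] data) {
        int n = data.length;
        out.write(n >>> 24); out.write(n >>> 16); out.write(n >>> 8); out.write(n);
        out.write(data, 0, n);
    }

    // Signature blob: string signature-algorithm-name, string raw signature bytes.
    static byte[] signatureBlob(String requested, KeyPair kp, byte[] contents) throws Exception {
        String sigName = signatureName(requested);
        Signature s = Signature.getInstance(JCA.get(sigName));
        s.initSign(kp.getPrivate());
        s.update(contents);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        putString(out, sigName.getBytes(StandardCharsets.US_ASCII));
        putString(out, s.sign());
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] contents = "constructed stand-in for the signed request".getBytes(StandardCharsets.US_ASCII);
        for (String algo : new String[] {"rsa-sha2-256", "rsa-sha2-512-cert-v01@openssh.com"}) {
            byte[] blob = signatureBlob(algo, kp, contents);
            String inBlob = new String(blob, 4, blob[3], StandardCharsets.US_ASCII); // name length < 128
            System.out.printf("requested=%s inBlob=%s equal=%b%n", algo, inBlob, algo.equalsIgnoreCase(inBlob));
        }
    }
}
```

For the certificate algorithm name the two names differ, which is the situation in which a strict `algo.equalsIgnoreCase(factoryName)` comparison rejects a signature produced with the underlying RSA signature algorithm.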