[ 
https://issues.apache.org/jira/browse/SSHD-1231?focusedWorklogId=688955&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-688955
 ]

ASF GitHub Bot logged work on SSHD-1231:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 01/Dec/21 23:12
            Start Date: 01/Dec/21 23:12
    Worklog Time Spent: 10m 
      Work Description: tomaswolf opened a new pull request #211:
URL: https://github.com/apache/mina-sshd/pull/211


   Reset the list when a new key is tried to avoid that we inadvertently
   try a remaining signature algorithm from a previous failed
   authentication attempt.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

            Worklog Id:     (was: 688955)
    Remaining Estimate: 0h
            Time Spent: 10m

> Public key authentication: wrong signature algorithm used (ed25519 key with 
> ssh-rsa signature)
> ----------------------------------------------------------------------------------------------
>
>                 Key: SSHD-1231
>                 URL: https://issues.apache.org/jira/browse/SSHD-1231
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.7.0
>            Reporter: Thomas Wolf
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> See [Eclipse bug 
> 577545|https://bugs.eclipse.org/bugs/show_bug.cgi?id=577545]. The following 
> scenario
> # Client tries authenticating with a wrong RSA key with signature rsa-sha2-512
> # Server rejects the authentication attempt
> # Client tries the next key (an ed25519 key), but unfortunately with the 
> wrong signature algorithm (ssh-rsa)
> authentication fails with
> {noformat}
> Exception in thread "main" org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: Supplied key (net.i2p.crypto.eddsa.EdDSAPrivateKey) is not a RSAPrivateKey instance
>       at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:131)
>       at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:185)
>       at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:130)
>       at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:39)
>       at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:32)
>       at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:43)
>       at ch.paranor.thomas.TestClient.testAuth(TestClient.java:44)
>       at ch.paranor.thomas.TestClient.main(TestClient.java:58)
> Caused by: java.security.InvalidKeyException: Supplied key (net.i2p.crypto.eddsa.EdDSAPrivateKey) is not a RSAPrivateKey instance
>       at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source)
>       at java.security.Signature$Delegate.engineInitSign(Signature.java:1177)
>       at java.security.Signature.initSign(Signature.java:530)
>       at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:104)
>       at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:81)
>       at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:363)
>       at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:333)
> {noformat}
> Work-arounds:
> * Place RSA keys last in the sequence of keys to be tried
> * Or ensure only actually working keys are used



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
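
The scenario in the issue and the reset described in the pull request, as a simplified model added here; it is not MINA SSHD's code. The class and method names and the per-key algorithm table are hypothetical and constructed for illustration, and the compatibility check in `nextAlgorithm` is an extra guard of this example.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.List;
import java.util.Map;

/** Simplified model of per-key signature algorithm selection (hypothetical names). */
public class SigAlgSelection {
    // Constructed table: signature algorithms a client would try for each key type.
    static final Map<String, List<String>> ALGS = Map.of(
            "RSA", List.of("rsa-sha2-512", "ssh-rsa"),
            "ED25519", List.of("ssh-ed25519"));

    private final Deque<String> pending = new ArrayDeque<>();
    private final boolean resetOnNewKey;
    private String keyType;
    SigAlgSelection(boolean resetOnNewKey) { this.resetOnNewKey = resetOnNewKey; }

    /** Called whenever the client moves on to another key. */
    void selectKey(String type) {
        keyType = type;
        if (resetOnNewKey) pending.clear(); // drop leftovers from the previous key
        if (pending.isEmpty()) pending.addAll(ALGS.get(type));
    }

    /** Next algorithm to sign with; fails fast if it does not fit the current key. */
    String nextAlgorithm() {
        String alg = pending.poll();
        if (alg == null || !ALGS.get(keyType).contains(alg)) {
            throw new IllegalStateException(alg + " cannot be used with a " + keyType + " key");
        }
        return alg;
    }

    /** Replays the reported scenario: RSA key rejected, then an ed25519 key is tried. */
    static String replay(boolean resetOnNewKey) {
        SigAlgSelection s = new SigAlgSelection(resetOnNewKey);
        s.selectKey("RSA");
        s.nextAlgorithm();       // rsa-sha2-512 is used; the server rejects the key
        s.selectKey("ED25519");  // client moves on to the next key
        try {
            return s.nextAlgorithm();
        } catch (IllegalStateException e) {
            return "error: " + e.getMessage();
        }
    }
    public static void main(String[] args) {
        System.out.println("without reset: " + replay(false));
        System.out.println("with reset:    " + replay(true));
    }
}
```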
