tomaswolf commented on PR #368: URL: https://github.com/apache/mina-sshd/pull/368#issuecomment-1536123507
I don't think this is correct. First, the client has already sent its KEX proposal, with a different list. The server-sig-algs KEX extension message can arrive only after the server has received the client's KEX proposal, and that includes ext-info-c. Second, server-sig-algs is signature algorithms, not key types. But known_hosts records key types. So for RSA keys, they might not match. (Key type "ssh-rsa", signature algorithm for instance "rsa-sha2-512".) In JGit, we've implemented this "prefer already known keys" in `ClientSession.resolveAvailableSignaturesProposal()`, and we make sure to add all three RSA signature algorithm names at the front if ssh-rsa is a known host key type. Getting the order wrong in the KEX proposal may lead to hard to track down negotiation failures such as [Eclipse bug 574635](https://bugs.eclipse.org/bugs/show_bug.cgi?id=574635). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
