[ https://issues.apache.org/jira/browse/SSHD-1231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Wolf updated SSHD-1231:
------------------------------
    Fix Version/s: 2.9.0
                       (was: 2.8.1)

> Public key authentication: wrong signature algorithm used (ed25519 key with ssh-rsa signature)
> ----------------------------------------------------------------------------------------------
>
>                 Key: SSHD-1231
>                 URL: https://issues.apache.org/jira/browse/SSHD-1231
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.7.0, 2.8.0
>            Reporter: Thomas Wolf
>            Assignee: Thomas Wolf
>            Priority: Major
>             Fix For: 2.9.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> See [Eclipse bug 577545|https://bugs.eclipse.org/bugs/show_bug.cgi?id=577545]. In the following scenario
> # Client tries authenticating with a wrong RSA key with signature rsa-sha2-512
> # Server rejects the authentication attempt
> # Client tries the next (correct) key (an ed25519 key), but unfortunately with the wrong signature algorithm (ssh-rsa)
> authentication fails with
> {noformat}
> Exception in thread "main" org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: Supplied key (net.i2p.crypto.eddsa.EdDSAPrivateKey) is not a RSAPrivateKey instance
>     at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:131)
>     at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:185)
>     at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:130)
>     at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:39)
>     at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:32)
>     at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:43)
>     at ch.paranor.thomas.TestClient.testAuth(TestClient.java:44)
>     at ch.paranor.thomas.TestClient.main(TestClient.java:58)
> Caused by: java.security.InvalidKeyException: Supplied key (net.i2p.crypto.eddsa.EdDSAPrivateKey) is not a RSAPrivateKey instance
>     at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source)
>     at java.security.Signature$Delegate.engineInitSign(Signature.java:1177)
>     at java.security.Signature.initSign(Signature.java:530)
>     at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:104)
>     at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:81)
>     at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:363)
>     at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:333)
> {noformat}
> This exception is thrown in the client if the server is an OpenSSH server. In step 3 above, the following occurs:
> * Client sends SSH_MSG_USERAUTH_REQUEST signature type=ssh-rsa, pubkey=ed25519_key, hasSig=false.
> * OpenSSH server checks pubkey against authorized keys and finds a match; replies SSH_MSG_USERAUTH_PK_OK ssh-rsa, ed25519_key.
> * Client tries to build an ssh-rsa signature with the ed25519 key and gets the exception.
> With an Apache MINA sshd server, the exception occurs on the server side:
> * Client sends SSH_MSG_USERAUTH_REQUEST signature type=ssh-rsa, pubkey=ed25519_key, hasSig=false.
> * Apache MINA sshd server initializes a signature verifier with ssh-rsa and the ed25519 key, gets the exception, and replies SSH_MSG_USERAUTH_FAILURE.
> * Client skips this key and tries the next one, if any.
> Work-arounds:
> * Place RSA keys last in the sequence of keys to be tried
> * Or ensure only actually working keys are used
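The mismatch in the report comes from choosing the signature algorithm independently of the key being offered. As an added example (not code from MINA SSHD, OpenSSH or the report), the sketch below models both sides of the "publickey" probe: the client derives the algorithm from the offered key's own type (consulting the server-sig-algs list when the server sent one), and the server checks that the named algorithm is valid for the key type carried in the blob before it initializes any verifier, instead of discovering the mismatch as an exception. The function names, the algorithm table and the dummy key blobs are assumptions constructed for this example.

```python
import struct
SSH_MSG_USERAUTH_REQUEST = 50
# Signature algorithms usable with each key type (RFC 8332, RFC 8709), most preferred first.
SIG_ALGS_BY_KEY_TYPE = {
    "ssh-rsa": ("rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"),
    "ssh-ed25519": ("ssh-ed25519",),  # an ed25519 key can never produce an ssh-rsa signature
}

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # RFC 4251 'string': uint32 length + bytes

def read_ssh_string(buf: bytes, off: int):
    n = struct.unpack_from(">I", buf, off)[0]
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_type_of(pubkey_blob: bytes) -> str:
    return read_ssh_string(pubkey_blob, 0)[0].decode()  # first string names the key type

def select_signature_algorithm(pubkey_blob: bytes, server_sig_algs=None) -> str:
    """Derive the algorithm from THIS key's type, never carry one over from an earlier key;
    server_sig_algs is the server-sig-algs extension list (RFC 8308) if the server sent one."""
    candidates = SIG_ALGS_BY_KEY_TYPE[key_type_of(pubkey_blob)]
    if server_sig_algs is None:
        return candidates[0]
    for alg in candidates:
        if alg in server_sig_algs:
            return alg
    raise ValueError("server accepts no signature algorithm for this key type")

def build_userauth_request(user: str, pubkey_blob: bytes, server_sig_algs=None) -> bytes:
    """Client side: SSH_MSG_USERAUTH_REQUEST 'publickey' probe, has-signature = FALSE (RFC 4252)."""
    alg = select_signature_algorithm(pubkey_blob, server_sig_algs)
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(b"ssh-connection") + ssh_string(b"publickey") + b"\x00"
            + ssh_string(alg.encode()) + ssh_string(pubkey_blob))

def check_userauth_request(msg: bytes) -> str:
    """Server side: reject an algorithm/key-type mismatch before any verifier is initialized."""
    off = 1
    for _ in range(3):  # skip user name, service name, method name
        _, off = read_ssh_string(msg, off)
    off += 1  # has-signature boolean
    alg, off = read_ssh_string(msg, off)
    blob, _ = read_ssh_string(msg, off)
    alg, key_type = alg.decode(), key_type_of(blob)
    if alg not in SIG_ALGS_BY_KEY_TYPE.get(key_type, ()):
        raise ValueError(f"{alg} is not a valid signature algorithm for {key_type}")
    return alg

# Constructed sample public-key blobs with dummy key material, not real keys.
RSA_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x42" * 16)
ED25519_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(b"\x11" * 32)
```

Trying RSA_BLOB and then ED25519_BLOB through build_userauth_request yields rsa-sha2-512 and then ssh-ed25519, and a hand-built request naming ssh-rsa for the ed25519 blob is refused by check_userauth_request.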