tomaswolf closed issue #682: HostKey Algorithm rsa-sha2-512 not supported
URL: https://github.com/apache/mina-sshd/issues/682
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To
tomaswolf commented on issue #682:
URL: https://github.com/apache/mina-sshd/issues/682#issuecomment-2705880673
BTW (and unrelated to this problem with Fortinet), this bit in your client
config may be problematic:
```
this.client.setSignatureFactories(
new ArrayList<>(NamedFactor
tomaswolf commented on issue #682:
URL: https://github.com/apache/mina-sshd/issues/682#issuecomment-2705851702
Thank you; that helps.
This is clearly a bug in the Fortinet SSH. Compare
-
https://forum.rebex.net/22697/exchange-issues-negotiation-failed-with-fortigate-firewalls
ShawnLiu64857 commented on issue #682:
URL: https://github.com/apache/mina-sshd/issues/682#issuecomment-2705284791
@tomaswolf
I think code is correct.
I set up an OpenSSH server myself for testing, using the RSA-SHA2-512
signature algorithm, and was able to connect successfully.
tomaswolf commented on issue #682:
URL: https://github.com/apache/mina-sshd/issues/682#issuecomment-2703569953
Our code seems to be correct. Per [RFC 8332, section
3.1](https://datatracker.ietf.org/doc/html/rfc8332#section-3.1) the server is
supposed to send an "ssh-rsa" _key_ and a "rsa-sh
tomaswolf commented on issue #682:
URL: https://github.com/apache/mina-sshd/issues/682#issuecomment-2703074191
rsa-sha2-512 and rsa-sha2-256 are not key types, they are signature types.
There are no rsa-sha2-521 keys.
It looks like your server is sending back a wrong key type. What is
thomas-seag commented on issue #682:
URL: https://github.com/apache/mina-sshd/issues/682#issuecomment-2703072741
rsa-sha2-512 and rsa-sha2-256 are not key types, they are signature types.
There are no rsa-sha2-521 keys.
It looks like your server is sending back a wrong key type. What
