I do it like this (keyPair from SmartCard):

    ...
    // Certificates on the card slot for the digitalSignature key usage; take the first one
    List<X509Certificate> certificates = slot.getX509Certificates(KeyUsageIndex.digitalSignature);
    X509Certificate x509Certificate = certificates.get(0);
    PublicKey publicKey = x509Certificate.getPublicKey();
    PrivateKey privateKey = smartCard.getAssociatedPrivateKey(x509Certificate, null);
    ...
    // Offer the card-backed key pair as the identity for public-key authentication
    KeyPair keyPair = new KeyPair(publicKey, privateKey);
    session.addPublicKeyIdentity(keyPair);
    // Wait for authentication to finish, bounded by cfg.sshVerifyTime
    session.auth().verify(cfg.sshVerifyTime);

cu,
Daniel Kirschner

-----Original Message-----
From: Artur Socha <aso...@redhat.com>
Sent: Thursday, 25 February 2021 09:22
To: users@mina.apache.org
Subject: How to make ssh client to negotiate with server a key type.

Hi,

I am struggling to figure out how to make the ssh client tell the server to authenticate it with a provided type of key, i.e. RSA and not ECDSA etc.

My use case:
There is an application (ovirt-engine) that manages some hosts. It connects using ssh to its hosts in various scenarios (i.e. host reboot). Historically, after the host was registered to the pool of hosts being managed by ovirt-engine, the host's public key fingerprint was generated and stored in the database. At that time only RSA keys were allowed. That used to be done with NamedFactory<Signature> and then with client.setSignatureFactories( ... )

Now, we have added support for whatever key type is available (usually the strongest that SSHD can serve). For backward compatibility we would like to allow using 'legacy' RSA keys for hosts already registered. Nowadays, we store the public keys so we can figure out their type and choose the proper Signature. However, I am wondering if there is a more implicit way in the API to configure the ssh client so that it could negotiate the key type with the server.

I will appreciate any hints / comments.

best,
Artur
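
The approach described in the question (work out the type of the stored host public key, then choose the signatures to allow) can be sketched as follows. This is an added example, not code from the thread or from Apache MINA SSHD; it assumes the stored key is an OpenSSH-style "<type> <base64> [comment]" line, and the class and method names are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;

public class StoredHostKeyAlgorithms {

    // Read the key type from the SSH wire-format blob (uint32 length + ASCII name)
    // and require it to match the text prefix of the stored line.
    static String keyTypeOf(String storedLine) {
        String[] parts = storedLine.trim().split("\\s+");
        if (parts.length < 2) throw new IllegalArgumentException("expected '<type> <base64>'");
        ByteBuffer blob = ByteBuffer.wrap(Base64.getDecoder().decode(parts[1]));
        if (blob.remaining() < 4) throw new IllegalArgumentException("key blob too short");
        int len = blob.getInt();
        if (len <= 0 || len > blob.remaining()) throw new IllegalArgumentException("bad name length");
        byte[] name = new byte[len];
        blob.get(name);
        String type = new String(name, StandardCharsets.US_ASCII);
        if (!type.equals(parts[0])) throw new IllegalArgumentException("prefix/blob type mismatch");
        return type;
    }

    // Signature algorithm names to allow for a stored key type, most preferred first.
    static List<String> signatureNamesFor(String keyType) {
        switch (keyType) {
            case "ssh-rsa": // an RSA key also signs with the SHA-2 variants (RFC 8332); "ssh-rsa" is SHA-1
                return List.of("rsa-sha2-512", "rsa-sha2-256", "ssh-rsa");
            case "ssh-ed25519":
            case "ecdsa-sha2-nistp256":
            case "ecdsa-sha2-nistp384":
            case "ecdsa-sha2-nistp521":
                return List.of(keyType);
            default:
                throw new IllegalArgumentException("unsupported key type: " + keyType);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: only the type header of a key blob plus filler bytes, not a real key.
        byte[] t = "ssh-rsa".getBytes(StandardCharsets.US_ASCII);
        byte[] blob = ByteBuffer.allocate(4 + t.length + 8).putInt(t.length).put(t).array();
        String stored = "ssh-rsa " + Base64.getEncoder().encodeToString(blob) + " host1.example";
        List<String> names = signatureNamesFor(keyTypeOf(stored));
        System.out.println(names); // these names select the factories for client.setSignatureFactories( ... )
    }
}
```

Restricting the allowed signatures to the family of the pinned key keeps the client from accepting a host key of a different type than the one stored for that host.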