Hello,

Recently I have been removing JSCH from a Java client and replacing it with 
org.apache.sshd 2.6.0.  Unfortunately, my Java client runs on Linux 6.8 and the 
server is Linux 6.10.  So far, I can authenticate with a password but not with a 
key pair that comes from my server.
When the certificates fail to authenticate, I get the following message on the 
server: "userauth_pubkey: unsupported public key algorithm: rsa-sha2-512".  
From web searches I have discovered that rsa-sha2-512 is not supported until 
greater than OpenSSH_5.7.  The servers that I need to support are running 
OpenSSH_5.3p1.

Can anyone guide me on how to modify the org.apache.sshd 2.6.0 client to use 
the rsa-ssh key algorithm rather than the rsa-sha2-512 key algorithm?

Here is my code:

    public void open() throws Exception {

        this.setSshClient(SshClient.setUpDefaultClient());
        PropertyResolverUtils.updateProperty(this.getSshClient(),
                "KnownHostsServerKeyVerifier.STRICT_CHECKING_OPTION", false);
        this.getSshClient().start();

        // setup the ClientsSession
        this.setClientSession(this.getSshClient()
                .connect(this.getUserName(), getHost(), getPort())
                .verify(getDefaultTimeout(), TimeUnit.MILLISECONDS)
                .getSession());

        String[] aKeyStringArray = {"RSA", "ssh-rsa"};
        Vector<String> aKeyTypeList = new Vector<String>(Arrays.asList(aKeyStringArray));

        Map<String, KeyPair> aKeyPairMap = ClientIdentity.loadIdentities(
                getClientSession(),
                Paths.get("/u01/home/acs_oracle/.aspclient/lib"),
                false, aKeyTypeList, this, null, LinkOption.NOFOLLOW_LINKS);

        for (KeyPair aKeyPair : aKeyPairMap.values()) {
            this.getClientSession().addPublicKeyIdentity(aKeyPair);
        }

        this.getClientSession().auth().verify(this.getDefaultTimeout(), TimeUnit.MILLISECONDS);

        // setup the SftpClient
        SftpClientFactory sfactory = SftpClientFactory.instance();
        this.setSftpClient(sfactory.createSftpClient(this.getClientSession()));

    }

    @Override
    public Object apply(Object t) {
        this.getLogger().info("MPW-SshdSftpIssue.apply");
        if (t != null) this.getLogger().info("MPW-SshdSftpIssue.apply t:" + t.toString());

        if ("RSA".equals(t)) return "sdp2_key";
        if ("ssh-rsa".equals(t)) return "sdp2_key.pub";
        return null;
    }

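Added example, not part of the original post and not Apache MINA SSHD code: a JDK-only demonstration that `ssh-rsa`, `rsa-sha2-256` and `rsa-sha2-512` are signature algorithms over the same RSA key (RFC 8332), so the key pair and its `ssh-rsa` public key blob stay unchanged and only the signature algorithm the client selects decides whether an `ssh-rsa`-only server can verify it. The class name, the throwaway key and the signed bytes are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;

public class RsaSignatureAlgorithms {
    // SSH "string" encoding (RFC 4251): uint32 length followed by the bytes.
    static void putString(DataOutputStream out, byte[] b) throws Exception {
        out.writeInt(b.length);
        out.write(b);
    }

    // RSA public key blob: key type "ssh-rsa", then e and n as mpints.
    static byte[] keyBlob(RSAPublicKey k) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);
        putString(out, "ssh-rsa".getBytes(StandardCharsets.US_ASCII));
        putString(out, k.getPublicExponent().toByteArray());
        putString(out, k.getModulus().toByteArray());
        return bos.toByteArray();
    }

    // Verify the way a server that only implements ssh-rsa would: RSA with SHA-1.
    static boolean legacyVerify(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(key);
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        String[][] sshNameToJca = {{"ssh-rsa", "SHA1withRSA"},
                {"rsa-sha2-256", "SHA256withRSA"}, {"rsa-sha2-512", "SHA512withRSA"}};
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair(); // constructed throwaway key
        byte[] data = "constructed session data".getBytes(StandardCharsets.US_ASCII);
        System.out.println("key blob length, identical for all three algorithms: "
                + keyBlob((RSAPublicKey) pair.getPublic()).length);
        for (String[] alg : sshNameToJca) {
            Signature signer = Signature.getInstance(alg[1]);
            signer.initSign(pair.getPrivate());
            signer.update(data);
            byte[] sig = signer.sign();
            System.out.println(alg[0] + ": accepted by ssh-rsa-only verifier = "
                    + legacyVerify(pair.getPublic(), data, sig));
        }
    }
}
```

`ssh-rsa` signatures use SHA-1, so selecting it is a compatibility measure for legacy servers and is best scoped to the hosts that need it.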