-
Notifications
You must be signed in to change notification settings - Fork 601
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect determinition of rsa-sha-* signatures support #740
Comments
@vladimirlagunov Just to check, this is now solved with the 2 MRs from yesterday, right? |
Not yet, I'm working on it now. |
…-sha2-* and ssh-rsa Previously, there was a heuristic that was choosing rsa-sha2-512 after receiving a host key of type RSA. It didn't work well when a server doesn't have an RSA host key. OpenSSH 8.8 introduced a breaking change: it removed ssh-rsa from the default list of supported public key signature algorithms. SSHJ was unable to connect to OpenSSH 8.8 server if the server has an EcDSA or Ed25519 host key. Current behaviour behaves the same as OpenSSH 8.8 client does. SSHJ doesn't try to determine rsa-sha2-* support on the fly. Instead, it looks only on `Config.getKeyAlgorithms()`, which may or may not contain ssh-rsa and rsa-sha2-* in any order. Sorry, this commit mostly reverts changes from hierynomus#607.
We have updated to the latest version of sshj in Cyberduck and now there are reports that pubkey auth with RSA keys does not work anymore, e.g. iterate-ch/cyberduck#12733. This is caused by the removed heuristic based on the host key algorithms sent by the server. For older servers without support for As we cannot rely on the SSH extension |
…ierynomus#742) * Improve SshdContainer: log `docker build` to stdout, don't wait too long if container exited * Fix hierynomus#740: Lean on Config.keyAlgorithms choosing between rsa-sha2-* and ssh-rsa Previously, there was a heuristic that was choosing rsa-sha2-512 after receiving a host key of type RSA. It didn't work well when a server doesn't have an RSA host key. OpenSSH 8.8 introduced a breaking change: it removed ssh-rsa from the default list of supported public key signature algorithms. SSHJ was unable to connect to OpenSSH 8.8 server if the server has an EcDSA or Ed25519 host key. Current behaviour behaves the same as OpenSSH 8.8 client does. SSHJ doesn't try to determine rsa-sha2-* support on the fly. Instead, it looks only on `Config.getKeyAlgorithms()`, which may or may not contain ssh-rsa and rsa-sha2-* in any order. Sorry, this commit mostly reverts changes from hierynomus#607. * Introduce ConfigImpl.prioritizeSshRsaKeyAlgorithm to deal with broken backward compatibility Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com> (cherry picked from commit 624747c)
Steps to reproduce
Expected result
SSHJ connects successfully.
Actual result:
Connection failed.
It happens because SSHJ enabled rsa-sha-512 only if a server proposes a host key of type RSA. If the host key type from the instruction changed from ed25519 to rsa, SSHJ would work with the server.
Instead of testing with OpenSSH 8.8, any older OpenSSH version may be used, but then the server should have an option
PubkeyAcceptedAlgorithms=-ssh-rsa
Of course, OpenSSH can connect to such server. However, OpenSSH won't connect if a server prohibits rsa-sha2-* keys (which is a strange scenario, but still possible).
I propose to remove the heuristic based on the host key, and add an analog of
PubkeyAcceptedAlgorithms
, which would allow enabling and disabling any possible signatures, including ssh-rsa, rsa-sha2-256, rsa-sha2-512.The text was updated successfully, but these errors were encountered: