source.dussan.org Git - jgit.git/commit
sshd: implement ssh config PubkeyAcceptedAlgorithms 41/178041/2
author Thomas Wolf <thomas.wolf@paranor.ch>
Thu, 18 Mar 2021 20:16:48 +0000 (21:16 +0100)
committer Thomas Wolf <thomas.wolf@paranor.ch>
Fri, 19 Mar 2021 16:27:03 +0000 (17:27 +0100)
commit ffc1f9b02618a59ee72298e9af15f64fe157fa8a
tree e84cb42ffa06acbaa78a721d3e4ad465555cf78a
parent e5aa53fec99bb7ec45442ab3d0ba58e1d52ee248
sshd: implement ssh config PubkeyAcceptedAlgorithms

Apache MINA sshd 2.6.0 appears to use only the first appropriate
public key signature algorithm for a particular key. See [1]. For
RSA keys, that is rsa-sha2-512. This breaks authentication at servers
that only know the older (and deprecated) ssh-rsa algorithm.

With PubkeyAcceptedAlgorithms, users can re-order algorithms in
the ssh config file per host, if needed. Setting

  PubkeyAcceptedAlgorithms ^ssh-rsa

will put "ssh-rsa" at the front of the list of algorithms, and then
authentication at such servers with RSA keys works again.

[1] https://issues.apache.org/jira/browse/SSHD-1105

Bug: 572056
Change-Id: I86c3b93f05960c68936e80642965815926bb2532
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF
org.eclipse.jgit.ssh.apache.test/build.properties
org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
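
The following is an added example, not code from this commit or from JGit: a simplified model of the behaviour the commit message describes, where a client signs only with the first algorithm in its list that fits the key type. The default list, the server sets and all function names are constructed for illustration; the `^`, `+` and `-` prefixes follow the OpenSSH list syntax, restricted here to exact names for `^` and `+`.

```python
import fnmatch

# Constructed default order; real defaults differ by client and version.
DEFAULT_ALGORITHMS = [
    "ssh-ed25519",
    "ecdsa-sha2-nistp256",
    "rsa-sha2-512",
    "rsa-sha2-256",
    "ssh-rsa",
]

# Signature algorithms that can be used with each key type.
KEY_TYPE_ALGORITHMS = {
    "rsa": {"rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"},
    "ed25519": {"ssh-ed25519"},
}


def apply_setting(defaults, value):
    """Return the algorithm list after applying a PubkeyAcceptedAlgorithms value."""
    if not value:
        return list(defaults)
    prefix, names = value[0], value[1:].split(",")
    if prefix == "^":  # move the named algorithms to the front
        return names + [a for a in defaults if a not in names]
    if prefix == "+":  # append the named algorithms
        return list(defaults) + [n for n in names if n not in defaults]
    if prefix == "-":  # remove matching algorithms (wildcards allowed)
        return [a for a in defaults
                if not any(fnmatch.fnmatchcase(a, p) for p in names)]
    return value.split(",")  # no prefix: replace the list


def first_appropriate(algorithms, key_type):
    """Model of a client that tries only the first algorithm usable with the key."""
    usable = KEY_TYPE_ALGORITHMS[key_type]
    return next((a for a in algorithms if a in usable), None)


def authenticates(setting, key_type, server_accepts):
    """True if the single algorithm the client tries is one the server accepts."""
    chosen = first_appropriate(apply_setting(DEFAULT_ALGORITHMS, setting), key_type)
    return chosen is not None and chosen in server_accepts
```

In this model a server that accepts only the rsa-sha2 algorithms rejects the same RSA key once `^ssh-rsa` is applied, which is why the override belongs in the `Host` block of the affected server rather than under `Host *`.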