sshd: try all configured signature algorithms for a key - jgit.git - JGit, the Java implementation of git: https://github.com/eclipse-jgit/jgit

diff options

author	Thomas Wolf <thomas.wolf@paranor.ch>	2021-03-19 09:35:34 +0100
committer	Thomas Wolf <thomas.wolf@paranor.ch>	2021-03-19 17:28:24 +0100
commit	fd3edc7bfc65f9bdfe785c92c72790261881dd40 (patch)
tree	a0bace2a047603ce40ed087dfba9f2efec753dd5 /org.eclipse.jgit.ssh.jsch.test
parent	6faee128f8930b851d33f1f06cb77b3e1b9a0cc5 (diff)
download	jgit-fd3edc7bfc65f9bdfe785c92c72790261881dd40.tar.gz jgit-fd3edc7bfc65f9bdfe785c92c72790261881dd40.zip

sshd: try all configured signature algorithms for a key

For RSA keys, there may be several configured signature algorithms: rsa-sha2-512, rsa-sha2-256, and ssh-rsa. Upstream sshd has bug SSHD-1105 [1] and always and unconditionally uses only the first configured algorithm. With the default order, this means that it cannot connect to a server that knows only ssh-rsa, like for instance Apache MINA sshd servers older than 2.6.0. This affects for instance bitbucket.org or also AWS Code Commit. Re-introduce our own pubkey authenticator that fixes this. Note that a server may impose a penalty (back-off delay) for subsequent authentication attempts with signature algorithms unknown to the server. In such cases, users can re-order the signature algorithm list via the PubkeyAcceptedAlgorithms (formerly PubkeyAcceptedKeyTypes) ssh config. [1] https://issues.apache.org/jira/browse/SSHD-1105 Bug: 572056 Change-Id: I7fb9c759ab6532e5f3b6524e9084085ddb2f30d6 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

Diffstat (limited to 'org.eclipse.jgit.ssh.jsch.test')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: