Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error while using ed25519 for host key and rsa for authorization #470

Closed
Anddd7 opened this issue Nov 15, 2018 · 1 comment
Closed

Error while using ed25519 for host key and rsa for authorization #470

Anddd7 opened this issue Nov 15, 2018 · 1 comment

Comments

@Anddd7
Copy link

Anddd7 commented Nov 15, 2018
edited
Loading

Hello, I'm a newer here.

I use atmoz/sftp, which is using ssh-ed25519 to verify the host key and ssh-rsa to authorize login user, to setup a sftp server in docker and try to use sshj to connect it.

// Docker
docker run \
 -v /mydir/id_rsa.pub:/home/foo/.ssh/keys/id_rsa.pub:ro \
 -v /mydir/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key \
 -v /mydir/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key \
 -v /shared:/home/foo \
 -p 2222:22 \
 -d atmoz/sftp \
 foo::1001

I use the default config to connect, it throw an error:

// Code
val ssh = SSHClient()

// Log
Can not connect remote server: Could not verify `ssh-rsa` host key with fingerprint `6d:4a:ab:ab:fe:4d:0d:6f:28:3a:d1:a7:a2:ef:8f:84` for `localhost` on port 2222

And my known_hosts is: [localhost]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJvGoR2swFI20//fm5a2rXygz3rA4Vk9AggWOWdPwy3

I guess it use a wrong algorithm, so I modify the order of signature factories:

// Code
val config = DefaultConfig()
config.setSignatureFactories(
    SignatureEdDSA.Factory(),    // it's the last one by default
    SignatureECDSA.Factory256(),
    SignatureECDSA.Factory384(),
    SignatureECDSA.Factory521(),
    SignatureRSA.Factory(),
    SignatureDSA.Factory()
)
ssh = SSHClient(config)

Then it works.

I'm not sure this is the right solution. Can anyone help me to understand this?
@hierynomus
Copy link
Owner

You've given the SFTP server 2 keys (ssh-rsa and ssh-ed25519), but you've only trusted the ssh-ed25519 key in your known_hosts. The server and client however negotiate the SignatureRSA algorithm as that is higher up in the list. I'll reorder the list to ensure that the 'most secure' is on top.
Thanks!

@note note mentioned this issue Oct 25, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hierynomus @Anddd7