Steps to reproduce:

1. Set configured key algorithms to contain KeyAlgorithms.RSASHA256().
2. Try to connect to github.com (or bitbucket.org).

The following exception (truncated to the part that is sshj-related) is thrown:

```
Caused by: net.schmizz.sshj.transport.TransportException: Expected 'rsa-sha2-256' key algorithm, but got: ssh-rsa
    at net.schmizz.sshj.transport.TransportException$1.chain(TransportException.java:33)
    at net.schmizz.sshj.transport.TransportException$1.chain(TransportException.java:27)
    at net.schmizz.concurrent.Promise.deliverError(Promise.java:95)
    at net.schmizz.concurrent.Event.deliverError(Event.java:74)
    at net.schmizz.concurrent.ErrorDeliveryUtil.alertEvents(ErrorDeliveryUtil.java:34)
    at net.schmizz.sshj.transport.KeyExchanger.notifyError(KeyExchanger.java:398)
    at net.schmizz.sshj.transport.TransportImpl.die(TransportImpl.java:613)
    at net.schmizz.sshj.transport.Reader.run(Reader.java:66)
Caused by: net.schmizz.sshj.common.SSHException: Expected 'rsa-sha2-256' key algorithm, but got: ssh-rsa
    at net.schmizz.sshj.common.SSHException$1.chain(SSHException.java:36)
    at net.schmizz.sshj.common.SSHException$1.chain(SSHException.java:29)
    at net.schmizz.sshj.transport.TransportImpl.die(TransportImpl.java:608)
    at net.schmizz.sshj.transport.Reader.run(Reader.java:66)
Caused by: net.schmizz.sshj.common.SSHRuntimeException: Expected 'rsa-sha2-256' key algorithm, but got: ssh-rsa
    at net.schmizz.sshj.signature.AbstractSignature.extractSig(AbstractSignature.java:107)
    at net.schmizz.sshj.signature.SignatureRSA.verify(SignatureRSA.java:119)
    at net.schmizz.sshj.transport.kex.AbstractDHG.next(AbstractDHG.java:85)
    at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:370)
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:514)
    at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
    at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
    at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
    at net.schmizz.sshj.transport.Reader.run(Reader.java:60)
```

When using KeyAlgorithms.SSHRSA() or the 0.29.0 release, everything works fine.
It seems that GitHub is sending an ssh-rsa signature in the key exchange even though sshj believes that it successfully negotiated rsa-sha2-256 as the server host key signature algorithm. When connecting to GitHub with OpenSSH, it successfully negotiates rsa-sha2-512, so this is not simply due to missing support on GitHub.
This turned out to be a spec deviation by GitHub's SSH server implementation: They send ssh-rsa signatures even though rsa-sha2-512 was negotiated if the client does not indicate support for SSH_MSG_EXT_INFO by offering the (fake) kex algorithm ext-info-c. This violates https://tools.ietf.org/html/rfc8332#section-3.1.
Since working around this issue is quite simple and should improve overall compatibility, I have created #622.
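
The check that produces the exception above, as an added example that is not sshj's own code: an SSH signature blob carries its own algorithm name, and RFC 8332 section 3.1 requires that name to match the negotiated host key algorithm. The class and method names are hypothetical, and the blobs are constructed samples with a dummy signature body.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class SigAlgCheck {
    // Reads one SSH "string": uint32 length, then that many bytes (RFC 4251, section 5).
    static byte[] readString(ByteBuffer buf) {
        int len = buf.getInt();
        if (len < 0 || len > buf.remaining())
            throw new IllegalArgumentException("bad string length: " + len);
        byte[] out = new byte[len];
        buf.get(out);
        return out;
    }

    // A signature blob is: string algorithm-name, string signature-bytes.
    // Only the name is needed to detect the mismatch.
    static String signatureAlgorithm(byte[] sigBlob) {
        return new String(readString(ByteBuffer.wrap(sigBlob)), StandardCharsets.US_ASCII);
    }

    // Rejects a signature whose embedded name differs from the negotiated one.
    // The hint flags the condition described in the comment above: no ext-info-c offered.
    static void requireNegotiated(String negotiated, byte[] sigBlob, List<String> clientKex) {
        String actual = signatureAlgorithm(sigBlob);
        if (actual.equals(negotiated)) return;
        String hint = clientKex.contains("ext-info-c") ? "" : " (client did not offer ext-info-c)";
        throw new IllegalStateException(
                "Expected '" + negotiated + "' key algorithm, but got: " + actual + hint);
    }

    // Constructed sample: algorithm name followed by a zeroed 256-byte signature body.
    static byte[] sampleBlob(String name) {
        byte[] n = name.getBytes(StandardCharsets.US_ASCII);
        return ByteBuffer.allocate(4 + n.length + 4 + 256)
                .putInt(n.length).put(n).putInt(256).put(new byte[256]).array();
    }

    public static void main(String[] args) {
        // Constructed client kex list without the ext-info-c indicator.
        List<String> kex = List.of("curve25519-sha256", "diffie-hellman-group14-sha256");
        requireNegotiated("rsa-sha2-256", sampleBlob("rsa-sha2-256"), kex); // conforming server
        try {
            requireNegotiated("rsa-sha2-256", sampleBlob("ssh-rsa"), kex);  // deviating server
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The host key blob itself is still labelled ssh-rsa when rsa-sha2-256 or rsa-sha2-512 is negotiated; only the name inside the signature changes, which is why the check belongs on the signature and not on the key.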