Support RFC 8308 + support several Tectia (ssh.com) algorithms #64

norrisjeremy · 2021-08-23T14:06:12Z

Added support for RFC 8308 extension negotiation and server-sig-algs extension
- This support is enabled by default, but can be controlled via the enable_server_sig_algs config option (or jsch.enable_server_sig_algs system property)
- When enabled and a server-sig-algs message is received from the server, the algorithms included by the server and also present in the PubkeyAcceptedKeyTypes config option will be attempted first when using publickey authentication
- Additionally if the server is detected as OpenSSH version 7.4, the rsa-sha2-256 & rsa-sha2-512 algorithms will be added to the received server-sig-algs as a workaround for OpenSSH bug 2680
Added support for various algorithms supported by Tectia (ssh.com):
Added support for SHA224 to FingerprintHash
Fixing #52
Deprecate void setFilenameEncoding(String encoding) in favor of void setFilenameEncoding(Charset encoding) in ChannelSftp
Added support for rsa-sha2-256 & rsa-rsa2-512 algorithms to ChannelAgentForwarding
Address #65 by adding ssh-agent support derived from jsch-agent-proxy
- See examples/JSchWithAgentProxy.java for simple example
- ssh-agent support requires either Java 16's JEP 380 or the addition of junixsocket to classpath
- Pageant support is untested & requires the addition of JNA to classpath

- [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected]

norrisjeremy · 2021-09-02T02:30:58Z

FYI, in addition to testing the Tectia (ssh.com) algorithms against the AsyncSSH library, I also wrote a local integration test against the actual Tectia SSH server and the new algorithms in this PR seemed to work fine with it as well.

…er instead of attempting to use Implementation Version from MANIFEST.MF.

…ost_key_types system property & also fix minor formatting issues.

mwiede · 2021-09-06T12:20:37Z

Thanks @norrisjeremy

mwiede · 2021-09-06T12:23:58Z

Readme.md

+* [0.1.66](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66)
+  * Added support for [RFC 8308](https://datatracker.ietf.org/doc/html/rfc8308) extension negotiation and server-sig-algs extension
+    * This support is enabled by default, but can be controlled via the enable_server_sig_algs config option (or `jsch.enable_server_sig_algs` system property)
+    * When enabled and a server-sig-algs message is received from the server, the algorithms included by the server and also present in the PubkeyAcceptedKeyTypes config option will be attempted first when using publickey authentication
+    * Additionally if the server is detected as OpenSSH version 7.4, the rsa-sha2-256 & rsa-sha2-512 algorithms will be added to the received server-sig-algs as a workaround for [OpenSSH bug 2680](https://bugzilla.mindrot.org/show_bug.cgi?id=2680)
+  * Added support for various algorithms supported by Tectia (ssh.com):
+    * diffie-hellman-group14-sha224@<!-- -->ssh.com
+    * diffie-hellman-group14-sha256@<!-- -->ssh.com
+    * diffie-hellman-group15-sha256@<!-- -->ssh.com
+    * diffie-hellman-group15-sha384@<!-- -->ssh.com
+    * diffie-hellman-group16-sha384@<!-- -->ssh.com
+    * diffie-hellman-group16-sha512@<!-- -->ssh.com
+    * diffie-hellman-group18-sha512@<!-- -->ssh.com
+    * diffie-hellman-group-exchange-sha224@<!-- -->ssh.com
+    * diffie-hellman-group-exchange-sha384@<!-- -->ssh.com
+    * diffie-hellman-group-exchange-sha512@<!-- -->ssh.com
+    * hmac-sha224@<!-- -->ssh.com
+    * hmac-sha256@<!-- -->ssh.com
+    * hmac-sha256-2@<!-- -->ssh.com
+    * hmac-sha384@<!-- -->ssh.com
+    * hmac-sha512@<!-- -->ssh.com
+    * ssh-rsa-sha224@<!-- -->ssh.com
+    * ssh-rsa-sha256@<!-- -->ssh.com
+    * ssh-rsa-sha384@<!-- -->ssh.com
+    * ssh-rsa-sha512@<!-- -->ssh.com
+  * Added support for SHA224 to FingerprintHash
+  * Fixing [#52](https://github.com/mwiede/jsch/issues/52)
+  * Deprecate `void setFilenameEncoding(String encoding)` in favor of `void setFilenameEncoding(Charset encoding)` in `ChannelSftp`
+  * Added support for rsa-sha2-256 & rsa-rsa2-512 algorithms to `ChannelAgentForwarding`
+  * Address [#65](https://github.com/mwiede/jsch/issues/65) by adding ssh-agent support derived from [jsch-agent-proxy](https://github.com/ymnk/jsch-agent-proxy)
+    * See `examples/JSchWithAgentProxy.java` for simple example
+    * ssh-agent support requires either [Java 16's JEP 380](https://openjdk.java.net/jeps/380) or the addition of [junixsocket](https://github.com/kohlschutter/junixsocket) to classpath
+    * Pageant support is untested & requires the addition of [JNA](https://github.com/java-native-access/jna) to classpath


@norrisjeremy I think we should put release notes at the releases in the futures. Otherwise one gets lost on the readme.

Do you mean splitting them out into a ChangeLog.md?

mwiede · 2021-09-06T13:03:47Z

No, I think we can collect "features" on the readme.md, but changes can be set on a release page on github itself. Otherwise it would be just duplicated information.

…

On Mon, Sep 6, 2021 at 2:25 PM Jeremy Norris ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In Readme.md <#64 (comment)>: > +* [0.1.66](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66) + * Added support for [RFC 8308](https://datatracker.ietf.org/doc/html/rfc8308) extension negotiation and server-sig-algs extension + * This support is enabled by default, but can be controlled via the enable_server_sig_algs config option (or `jsch.enable_server_sig_algs` system property) + * When enabled and a server-sig-algs message is received from the server, the algorithms included by the server and also present in the PubkeyAcceptedKeyTypes config option will be attempted first when using publickey authentication + * Additionally if the server is detected as OpenSSH version 7.4, the rsa-sha2-256 & rsa-sha2-512 algorithms will be added to the received server-sig-algs as a workaround for [OpenSSH bug 2680](https://bugzilla.mindrot.org/show_bug.cgi?id=2680) + * Added support for various algorithms supported by Tectia (ssh.com): + * diffie-hellman-group14-sha224@ssh.com + * diffie-hellman-group14-sha256@ssh.com + * diffie-hellman-group15-sha256@ssh.com + * diffie-hellman-group15-sha384@ssh.com + * diffie-hellman-group16-sha384@ssh.com + * diffie-hellman-group16-sha512@ssh.com + * diffie-hellman-group18-sha512@ssh.com + * diffie-hellman-group-exchange-sha224@ssh.com + * diffie-hellman-group-exchange-sha384@ssh.com + * diffie-hellman-group-exchange-sha512@ssh.com + * hmac-sha224@ssh.com + * hmac-sha256@ssh.com + * hmac-sha256-2@ssh.com + * hmac-sha384@ssh.com + * hmac-sha512@ssh.com + * ssh-rsa-sha224@ssh.com + * ssh-rsa-sha256@ssh.com + * ssh-rsa-sha384@ssh.com + * ssh-rsa-sha512@ssh.com + * Added support for SHA224 to FingerprintHash + * Fixing [#52](#52) + * Deprecate `void setFilenameEncoding(String encoding)` in favor of `void setFilenameEncoding(Charset encoding)` in `ChannelSftp` + * Added support for rsa-sha2-256 & rsa-rsa2-512 algorithms to `ChannelAgentForwarding` + * Address [#65](#65) by adding ssh-agent support derived from [jsch-agent-proxy](https://github.com/ymnk/jsch-agent-proxy) + * See `examples/JSchWithAgentProxy.java` for simple example + * ssh-agent support requires either [Java 16's JEP 380](https://openjdk.java.net/jeps/380) or the addition of [junixsocket](https://github.com/kohlschutter/junixsocket) to classpath + * Pageant support is untested & requires the addition of [JNA](https://github.com/java-native-access/jna) to classpath Do you mean splitting them out into a ChangeLog.md? — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#64 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAL6NOCUEPFPAR5VOPJKI33UASXL3ANCNFSM5CUVFBSA> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

norrisjeremy · 2021-09-06T13:17:58Z

Hmm, ok. My only thought would be that would put all the burden on your shoulders, since there wouldn't be any file in the git repo itself that contained "release notes" for myself or others to include in submitted PRs.

norrisjeremy · 2021-09-06T13:22:10Z

FYI, I may have another PR submitted later today, that would enhance the new ssh-agent support to allow usage of key algorithms that are not supported in JSch due to missing algorithms support.
I.e., if ssh-agent holds an ssh-ed25519 key, allow it even if it is Java version < 15 (JSch doesn't need to generate the signature itself, so the fact that Ed25519 doesn't work for Java < 15 doesn't matter).

mwiede · 2021-09-06T13:24:32Z

Alright. I am fine, if we maintain a changelog.md file but I found it useful to look up release notes on the release pages

mwiede · 2021-09-06T13:24:57Z

ok, I will wait with the release, no problem

norrisjeremy added 2 commits August 23, 2021 09:03

Add tests for setting DHGEX sizes.

4cfaf2b

Correct JZlib version.

126fbac

norrisjeremy force-pushed the 20210823 branch from 2854b3e to 126fbac Compare September 2, 2021 02:08

norrisjeremy changed the title ~~Add tests for setting DHGEX sizes~~ RFC8308 support & support for Tectia (ssh.com) algorithms Sep 2, 2021

norrisjeremy changed the title ~~RFC8308 support & support for Tectia (ssh.com) algorithms~~ RFC 8308 support & support for several Tectia (ssh.com) algorithms Sep 2, 2021

norrisjeremy changed the title ~~RFC 8308 support & support for several Tectia (ssh.com) algorithms~~ RFC 8308 & support for several Tectia (ssh.com) algorithms Sep 2, 2021

norrisjeremy force-pushed the 20210823 branch from 5cb2f79 to 6e33cd1 Compare September 2, 2021 02:24

norrisjeremy changed the title ~~RFC 8308 & support for several Tectia (ssh.com) algorithms~~ Support RFC 8308 + support for several Tectia (ssh.com) algorithms Sep 2, 2021

norrisjeremy changed the title ~~Support RFC 8308 + support for several Tectia (ssh.com) algorithms~~ Support RFC 8308 + support several Tectia (ssh.com) algorithms Sep 2, 2021

norrisjeremy mentioned this pull request Sep 2, 2021

ChannelForwardedTCPIP.getPortForwarding(Session) DO NOT CHECK a Session instance. #52

Closed

norrisjeremy force-pushed the 20210823 branch from 6e33cd1 to 2f985b9 Compare September 2, 2021 11:17

norrisjeremy added 7 commits September 2, 2021 06:27

Implement RFC8308 extension negotiation and server-sig-algs extension.

c17147c

Use templating-maven-plugin to generate a class with the version numb…

19134f6

…er instead of attempting to use Implementation Version from MANIFEST.MF.

Add notes regarding DHGEX runtime size configuration + prefer_known_h…

5259d50

…ost_key_types system property & also fix minor formatting issues.

Update from gitignore.io.

d7131e6

Add Maven Wrapper.

812fe23

Update dependencies to latest versions.

ef93bf8

#52 only return Remote Port Forwardings for the specific Session.

911358b

norrisjeremy force-pushed the 20210823 branch from 2f985b9 to 911358b Compare September 2, 2021 11:28

norrisjeremy added 4 commits September 3, 2021 06:23

Use java.nio.charset.Charset instead of charset String names.

b56e5ef

Convert from StringBuffer to StringBuilder.

ccfb394

Remove unnecessary synchronization on javax.crypto.Cipher.class.

44cfe3b

Use correct variable index when checking for revoked host keys.

f824c38

norrisjeremy force-pushed the 20210823 branch from f41947c to 436a24d Compare September 4, 2021 04:02

Add support for rsa-sha2-256 & rsa-rsa2-512 to ChannelAgentForwarding.

bb76299

norrisjeremy force-pushed the 20210823 branch from 436a24d to bb76299 Compare September 4, 2021 04:02

Staticize constants and remove unused variable.

e4c97e7

norrisjeremy force-pushed the 20210823 branch from d77a294 to 2bd3015 Compare September 4, 2021 22:40

norrisjeremy mentioned this pull request Sep 4, 2021

Support for ssh-agent? #65

Closed

norrisjeremy force-pushed the 20210823 branch 5 times, most recently from ef1e8be to f314e02 Compare September 5, 2021 12:02

norrisjeremy added 4 commits September 6, 2021 06:11

#65 add ssh-agent support based on jsch-agent-proxy.

90a711b

Add clean plugin.

8fd6abd

Update wagon-ssh-external to latest version.

7b3366f

Switch to setup-java@v2.

511384b

norrisjeremy force-pushed the 20210823 branch from aabd39d to 511384b Compare September 6, 2021 11:22

mwiede merged commit 8061e21 into mwiede:master Sep 6, 2021

mwiede reviewed Sep 6, 2021

View reviewed changes

norrisjeremy deleted the 20210823 branch September 7, 2021 12:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support RFC 8308 + support several Tectia (ssh.com) algorithms #64

Support RFC 8308 + support several Tectia (ssh.com) algorithms #64

norrisjeremy commented Aug 23, 2021 •

edited

Loading

norrisjeremy commented Sep 2, 2021

mwiede commented Sep 6, 2021

mwiede Sep 6, 2021

norrisjeremy Sep 6, 2021

mwiede commented Sep 6, 2021 via email

norrisjeremy commented Sep 6, 2021

norrisjeremy commented Sep 6, 2021 •

edited

Loading

mwiede commented Sep 6, 2021

mwiede commented Sep 6, 2021

Support RFC 8308 + support several Tectia (ssh.com) algorithms #64

Support RFC 8308 + support several Tectia (ssh.com) algorithms #64

Conversation

norrisjeremy commented Aug 23, 2021 • edited Loading

norrisjeremy commented Sep 2, 2021

mwiede commented Sep 6, 2021

mwiede Sep 6, 2021

Choose a reason for hiding this comment

norrisjeremy Sep 6, 2021

Choose a reason for hiding this comment

mwiede commented Sep 6, 2021 via email

norrisjeremy commented Sep 6, 2021

norrisjeremy commented Sep 6, 2021 • edited Loading

mwiede commented Sep 6, 2021

mwiede commented Sep 6, 2021

norrisjeremy commented Aug 23, 2021 •

edited

Loading

norrisjeremy commented Sep 6, 2021 •

edited

Loading