This repository was archived by the owner on Oct 15, 2024. It is now read-only.

@fmeum
Member

@fmeum fmeum commented Aug 17, 2020

📢 Type of change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates

📜 Description

Updates sshj to 0.30.0, which brings support for rsa-sha2-* key types
and bugfixes related to RSA certificates and Android Keystore backed
keys.

Along the way, this improves the algorithm preferences to be consistent
with the Mozilla Intermediate SSH configuration (as far as possible,
given that most certificate types and some encryption algorithms are
not yet supported).

We also add "ext-info-c" to the kex algorithm proposal to work around
certain kinds of "user agent sniffing" that limits the support of
rsa-sha2-* key types.

💡 Motivation and Context

💚 How did you test it?

Not yet, but will later. Please also check for regressions.

📝 Checklist

  • I formatted the code with the IDE's reformat action (Ctrl + Shift + L/Cmd + Shift + L)
  • I reviewed submitted code
  • I added a CHANGELOG entry if applicable

🔮 Next steps

📸 Screenshots / GIFs

@fmeum fmeum added this to the 1.11.0 milestone Aug 17, 2020
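
The "ext-info-c" mechanism mentioned in the description comes from RFC 8308: the client appends that marker to its kex algorithm name-list, and the server may then send SSH_MSG_EXT_INFO with a "server-sig-algs" list that tells the client whether rsa-sha2-* signatures (RFC 8332) are accepted. The sketch below is an added example, not code from this PR or from sshj; the function names are hypothetical, the sample message is constructed, and the preference order and the ssh-rsa fallback are assumptions.

```python
import struct

SSH_MSG_EXT_INFO = 7  # message number assigned by RFC 8308


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' / 'name-list' encoding: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def kex_name_list(kex_algorithms):
    """Client kex name-list for KEXINIT with the ext-info-c marker appended once."""
    names = [a for a in kex_algorithms if a != "ext-info-c"] + ["ext-info-c"]
    return ssh_string(",".join(names).encode("ascii"))


def parse_ext_info(payload: bytes) -> dict:
    """Parse SSH_MSG_EXT_INFO: byte 7, uint32 count, then (name, value) strings."""
    if len(payload) < 5 or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO message")
    (count,) = struct.unpack_from(">I", payload, 1)
    offset, fields = 5, []
    for _ in range(2 * count):  # each extension is two length-prefixed strings
        if offset + 4 > len(payload):
            raise ValueError("truncated length field")
        (size,) = struct.unpack_from(">I", payload, offset)
        end = offset + 4 + size
        if end > len(payload):
            raise ValueError("truncated string")
        fields.append(payload[offset + 4:end])
        offset = end
    return {fields[i].decode("ascii"): fields[i + 1] for i in range(0, len(fields), 2)}


def pick_rsa_signature_algorithm(extensions: dict) -> str:
    """Choose the signature algorithm for an RSA key (order is an assumption)."""
    accepted = extensions.get("server-sig-algs", b"").decode("ascii").split(",")
    for algorithm in ("rsa-sha2-512", "rsa-sha2-256"):
        if algorithm in accepted:
            return algorithm
    return "ssh-rsa"  # assumed fallback when the server advertised nothing


# Constructed sample: an EXT_INFO message carrying one extension.
SAMPLE_EXT_INFO = (
    bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", 1)
    + ssh_string(b"server-sig-algs")
    + ssh_string(b"ssh-ed25519,rsa-sha2-256,rsa-sha2-512,ssh-rsa")
)
```

A server that never sees "ext-info-c" sends no SSH_MSG_EXT_INFO, so the client ends up on the fallback branch.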
Member

@msfjarvis msfjarvis left a comment

LGTM, will approve once I can test.

@fmeum
Member Author

fmeum commented Aug 17, 2020

> LGTM, will approve once I can test.

Thanks! ed25519, GitHub and old-style key files should be our main focus.

If it's okay with you, I would not do a formal merge for the two big PRs. Too much has changed in the meantime, I would rather force push a handcrafted updated version. But that of course has time since it will only make it into 1.12.0.

@msfjarvis
Member

> LGTM, will approve once I can test.
>
> Thanks! ed25519, GitHub and old-style key files should be our main focus.

Added a note in my to-do to check those.

> If it's okay with you, I would not do a formal merge for the two big PRs. Too much has changed in the meantime, I would rather force push a handcrafted updated version. But that of course has time since it will only make it into 1.12.0.

Yeah absolutely feel free to do whatever you find most comfortable.

@fmeum
Member Author

fmeum commented Aug 17, 2020

Tried different key types with GitHub, everything worked well, including rsa-sha2-* keys. @msfjarvis If you could test that 1) old style key files are handled correctly, even if their passphrase is mistyped first and 2) that manually imported ed25519 keys work and maybe 3) that ssh-rsa keys work with a few of your "broken" servers, I think we would be done here.

I will try to get the other two PRs ready to merge right after the August release.

@msfjarvis
Member

> Tried different key types with GitHub, everything worked well, including rsa-sha2-* keys. @msfjarvis If you could test that 1) old style key files are handled correctly, even if their passphrase is mistyped first and 2) that manually imported ed25519 keys work and maybe 3) that ssh-rsa keys work with a few of your "broken" servers, I think we would be done here.

Just tested all three, seems to work perfectly.

@msfjarvis msfjarvis merged commit 14e3754 into develop Aug 17, 2020
@msfjarvis msfjarvis deleted the dependency/sshj_0.30.0 branch August 17, 2020 19:58
msfjarvis added a commit that referenced this pull request Aug 17, 2020
* develop:
  Update sshj to 0.30.0 and improve algorithm order (#1026)

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
msfjarvis added a commit that referenced this pull request Aug 17, 2020
* develop:
  Update sshj to 0.30.0 and improve algorithm order (#1026)