[SSHD-1216] Server-side server-sig-algs KEX extension #204
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Provide a default implementation for the server-side SSH_MSG_EXT_INFO
message sending including the server-sig-algs KEX extension.[1]
A server that implements the rsa-sha2-512 or rsa-sha2-256 signature
algorithms should implement this extension, otherwise even clients that
also have these signature algorithms may fall back to ssh-rsa to avoid
authentication penalties.[2]
Apache MINA sshd servers by default do implement the SHA-2 RSA
signatures, and an Apache MINA sshd client by default does request KEX
extension information and does handle the server-sig-algs extension. So
an Apache MINA sshd server should by default implement this extension.
This implementation sends the server-sig-algs extension record once at
the end of the initial key exchange.
[1] https://tools.ietf.org/html/rfc8308
[2] https://tools.ietf.org/html/rfc8332#section-3.3