ed25519 keys not working #352

Open
brianmhunt opened this Issue Nov 5, 2015 · 13 comments

brianmhunt commented Nov 5, 2015

Not sure if this is an issue here or upstream, but I just wanted to give a heads up that ed25519 host keys do not appear to be supported.

When running e.g.

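var Client = require('ssh2').Client;
var conn = new Client();
conn.connect({
  host: 'host.local',
  port: 22,
  username: 'bmh',
  agent: process.env.SSH_AUTH_SOCK, // authenticate through the running ssh-agent
  debug: console.log                // print handshake debug lines such as those below
});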

The output includes:

DEBUG: (local) Host key formats: ssh-rsa,ssh-dss
DEBUG: (remote) Host key formats: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519

I doubt there's anything on my end (Mac OS X 10.11.1; node 5.0.0; fresh package install of ssh2@04.12); it looks like the support is simply not yet in ssh2-streams. I can re-file a bug there, if that is preferable.

🍻

brianmhunt commented Nov 5, 2015

Notable link on ed25519 support in Node: nodejs/node#2144

Two options:

Owner

mscdex commented Nov 5, 2015

Yes, this is a known issue. The problem though is that the pure js implementations for some of these algorithms that OpenSSL currently does not support are slow.

I think I would only want to start incorporating these pure js algorithm solutions once there is the ability to override the hard-coded list of algorithms, ciphers, etc. This way if someone doesn't want to use the pure js algorithms (for performance reasons), then they can (easily) opt out of that. However, I haven't had time to work on this.

brianmhunt commented Nov 5, 2015

Thanks @mscdex

I appreciate the concerns over performance issues and opting out.

As the host key algorithm itself is only run once per connection, the performance of that particular implementation should not be a big concern. That said, I understand why you would want to make sure an opt-out scheme of some sort would be in place before going down this road.

Cheers.

Owner

mscdex commented Feb 27, 2016

FWIW I've just landed ECDSA support in ssh2/ssh2-streams and it works, but will need to write tests for it yet.

I'm still not sure when/if OpenSSL will support ed25519 though. There is an ed25519 issue on OpenSSL's repo here FWIW. There is also another OpenSSL github issue for curve25519 here that is supposedly "in progress" and a related node issue here.

I should also note I would be open to the possibility of having an optionalDependency on a compiled addon that implemented ed* key support.

stefreak commented Mar 30, 2017

openssl/openssl#309 says "x25519 is in [OpenSSL] 1.1"

Can this be implemented now? I would appreciate it enormously :)

Owner

mscdex commented Mar 30, 2017

It won't be supported at least until OpenSSL 1.1.x is included in a version of node. See this PR for more information.

karlhorky commented Jun 25, 2018

I suppose nodejs/node#18770 is the more updated issue now (OpenSSL 1.1.1).

karlhorky commented Jun 25, 2018

Oh wait, reading a bit deeper, in that issue there is the line:

> We currently have 1.1.0 support in Node

Looks like this is supported after all now:

Node.js 10: nodejs/node#16130 (comment)
Node.js 8 backport: nodejs/node#18622 (comment)

Eugeny commented Oct 27, 2018

@mscdex could you please also consider adding an ed25519 PPK parser?

themarkymark-steem commented Jan 18, 2019

Any update on this?
Would be awesome if you could provide support for ed25519

Owner

mscdex commented Jan 18, 2019

Nothing has changed, node doesn't have OpenSSL 1.1.1 yet.

themarkymark-steem commented Jan 19, 2019

> Nothing has changed, node doesn't have OpenSSL 1.1.1 yet.

Looks like it's about to happen.
nodejs/node#25381

Owner

mscdex commented Jan 19, 2019

Right, but it will still take time before it makes it into a release and then into the hands of end users :)
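
The following is an added example, not part of the issue thread and not code from ssh2 or ssh2-streams. It applies the RFC 4253 rule of taking the first client-listed name that the server also lists (ignoring the key-exchange compatibility conditions) to the two host key format lists in the DEBUG output of the opening report, and probes whether the running Node.js build can do Ed25519 at all. The names `negotiateHostKey`, `runtimeHasEd25519`, `clientOffer` and the `allowEd25519` opt-out switch are hypothetical.

```javascript
const crypto = require('crypto');

// Host key format lists copied from the DEBUG output in the opening report.
const LOCAL_FORMATS = 'ssh-rsa,ssh-dss';
const REMOTE_FORMATS = 'ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519';

// Pick the first name on the client's list that the server also lists.
// Returns null when there is no overlap (the handshake would then fail).
function negotiateHostKey(clientList, serverList) {
  const server = new Set(serverList.split(','));
  const match = clientList.split(',').find((name) => server.has(name));
  return match === undefined ? null : match;
}

// True if this Node.js build can generate, sign and verify with Ed25519.
// Builds whose OpenSSL lacks the algorithm throw, which is reported as false.
function runtimeHasEd25519() {
  try {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    const msg = Buffer.from('constructed test message');
    const sig = crypto.sign(null, msg, privateKey);
    return crypto.verify(null, msg, publicKey, sig);
  } catch (err) {
    return false;
  }
}

// Build the client's offer: put ssh-ed25519 first only when the runtime
// supports it and the caller has not opted out (hypothetical switch).
function clientOffer(base, allowEd25519) {
  const names = base.split(',');
  if (allowEd25519 && runtimeHasEd25519()) names.unshift('ssh-ed25519');
  return names.join(',');
}

// As reported: the server's ed25519 key is never selected, ssh-rsa is.
console.log('as reported:', negotiateHostKey(LOCAL_FORMATS, REMOTE_FORMATS));
console.log('runtime Ed25519:', runtimeHasEd25519());
console.log('with opt-in:',
  negotiateHostKey(clientOffer(LOCAL_FORMATS, true), REMOTE_FORMATS));
// A server that only has an ed25519 host key leaves this client no match.
console.log('ed25519-only server:', negotiateHostKey(LOCAL_FORMATS, 'ssh-ed25519'));
```

With the lists from the report the client still connects, but it verifies the server's RSA host key, so a fingerprint pinned for the ed25519 key is never compared.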
