-
-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can you implement ed25519 certificates on sftp external archiving module? #21373
Comments
You tried to use a certificate ed25519 and it does not work? |
nextcloud itself generates a public key that I have to copy to a file and then feed it to the ssh configuration file, and that key it generates is only rsa and not ed25519 |
cc @nextcloud/security |
Doesn't look like there are related php modules available by default |
We have to wait for phpseclib/phpseclib#1309 which is planned for phpseclib 3. |
in fact it could also leave rsa as valid certificates for ssh, this would lead me to have sftp folders also in active localhost. but i have everything in ed25519 on my server and you wanted to avoid reusing rsa. the parameters that I have in ssh server are the following:
there are also ed25519-sk for hw tokens, but I don't want so much it would be enough for me to recognize nectcloud the ed25519 certificates for sftp protocol |
The library used to generated the rsa keys does not support ed25519 yet. We have to wait for an update. A workaround could be to use "RSA private key" and generate the required keys yourself. |
you mean I can use the rsa private key entry to put the private key ed25519 in it? or anyway I have to use a private rsa key? |
I think so. For any further questions https://help.nextcloud.com. |
There is a new version of phpseclib in version 3.0 that supports those new ciphers as of: https://github.com/phpseclib/phpseclib / https://github.com/phpseclib/phpseclib/releases |
We updated to 2.0.30 recently: 3.0 seems to support php 5.6.1 or later so when there is no other lib depending on it anyone could look into an update |
I suppose this issue is still valid? |
This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions. |
Yes still open (checked on 21.0.3) it uses old phpseclib 2. |
I currently manage several nextcloud v19 and v18 distributions on which I have activated the module for storing external folders, and often I find myself managing this module with rsa key authentication, it is possible to also give it authentication with public / private signature certificates also with elliptic curve certificates see keys ed25519? currently, as can also be seen from the attached authentication via sftp, it is possible only by using private or public key rsa non ed25519 or ecdsa
The text was updated successfully, but these errors were encountered: