- Adjusted test classes to work with Apache SSHD 2.8.0
- Upgraded Bouncy Castle from 1.69 to 1.70
- Upgraded Apache SSHD from 2.1.0 to 2.8.0
- Upgraded JUnit from 4.12 to 4.13.2
- Upgraded Mockito from 2.28.2 to 4.2.0
- Upgraded Logback from 1.2.6 to 1.2.9
- Upgraded Apache HTTP Client from 4.5.9 to 4.5.14
* Improve SshdContainer: log `docker build` to stdout, don't wait too long if container exited
* Fix #740: Lean on Config.keyAlgorithms choosing between rsa-sha2-* and ssh-rsa
Previously, there was a heuristic that was choosing rsa-sha2-512 after receiving a host key of type RSA. It didn't work well when a server doesn't have an RSA host key.
OpenSSH 8.8 introduced a breaking change: it removed ssh-rsa from the default list of supported public key signature algorithms. SSHJ was unable to connect to an OpenSSH 8.8 server if the server has an ECDSA or Ed25519 host key.
The current behaviour is the same as that of the OpenSSH 8.8 client. SSHJ doesn't try to determine rsa-sha2-* support on the fly. Instead, it looks only at `Config.getKeyAlgorithms()`, which may or may not contain ssh-rsa and rsa-sha2-* in any order.
Sorry, this commit mostly reverts changes from #607.
* Introduce ConfigImpl.prioritizeSshRsaKeyAlgorithm to deal with broken backward compatibility
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
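The #740 change above, as an added Python model (not SSHJ code and not part of the commit): it compares the removed host-key heuristic with selection from the configured list for a client holding an RSA user key. The server profiles, the configuration names and the old heuristic's fallback to ssh-rsa are assumptions of the model.

```python
# All three names sign with the same RSA key; only the hash differs (RFC 8332).
RSA_ALGS = ("rsa-sha2-512", "rsa-sha2-256", "ssh-rsa")

# Constructed server profiles: (host key type, accepted public key algorithms).
# OpenSSH 8.8 no longer accepts ssh-rsa signatures by default.
SERVERS = {
    "openssh-8.8 / RSA host key": ("ssh-rsa", {"rsa-sha2-512", "rsa-sha2-256"}),
    "openssh-8.8 / Ed25519 host key": ("ssh-ed25519", {"rsa-sha2-512", "rsa-sha2-256"}),
}

# Constructed client lists, standing in for Config.getKeyAlgorithms().
CONFIGS = {
    "rsa-sha2 first": ["ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "ssh-rsa first": ["ssh-ed25519", "ssh-rsa", "rsa-sha2-512", "rsa-sha2-256"],
}

def old_heuristic(host_key_type):
    """Model of the removed heuristic: rsa-sha2-512 only after an RSA host key.
    Falling back to ssh-rsa otherwise is an assumption of this model."""
    return "rsa-sha2-512" if host_key_type == "ssh-rsa" else "ssh-rsa"

def config_based(key_algorithms):
    """Model of the current rule: the first RSA-capable configured entry is
    used as-is; server support is not probed."""
    return next((a for a in key_algorithms if a in RSA_ALGS), None)

def rsa_auth_outcomes():
    """Return {(server, chooser): (algorithm, accepted)} for an RSA user key."""
    out = {}
    for server, (host_key_type, accepted) in SERVERS.items():
        choices = {"old heuristic": old_heuristic(host_key_type)}
        choices.update((name, config_based(algs)) for name, algs in CONFIGS.items())
        for chooser, alg in choices.items():
            out[(server, chooser)] = (alg, alg in accepted)
    return out

if __name__ == "__main__":
    for (server, chooser), (alg, ok) in rsa_auth_outcomes().items():
        print(f"{server:32} {chooser:15} {str(alg):13} {'ok' if ok else 'REJECTED'}")
```

In the model the old heuristic's result depends on the server's host key type, while the configured list gives the same result for both servers and fails only when ssh-rsa is listed ahead of rsa-sha2-*.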
* Fix: if the client knows CA key, it should send host key algo proposal for certificates
* Run specific SSH server in KeyWithCertificateSpec
Required to verify the case with wrong host key algorithm proposals. See #733
* Split KeyWithCertificateSpec into HostKeyWithCertificateSpec and PublicKeyAuthWithCertificateSpec
Prevents starting unnecessary SSHD containers, making the tests run a bit faster when they are launched separately.
* Replace abstract class IntegrationBaseSpec with composition through IntegrationTestUtil
* Switch to testcontainers in integration tests
It allows running different SSH servers with different configurations in tests, giving ability to cover more bugs, like mentioned in #733.
* full support for encrypted PuTTY v3 files (Argon2 library not included)
* simplified the PuTTYKeyDerivation interface and provided an abstract PuTTYArgon2 class for an easy Argon2 integration
* use Argon2 implementation from Bouncy Castle
* missing license header added
* license header again
* unit tests extended to cover all Argon2 variants and non-standard Argon2 parameters; verify the loaded keys
* Enable renaming with flags
The SFTP protocol allows renaming files by specifying
extra flags:
- OVERWRITE
- ATOMIC
- NATIVE
The flags are exposed through a new RenameFlags enum and
can be passed as parameters to the rename() method in
SFTPClient/SFTPEngine.
Relates to #563
* Update RenameFlags.java
* Update RenameFlags.java
* Align license header with all other files
* Make RenameFlags parameter in line with OpenMode(s)
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Update OpenSSH Key V1 parsing using CRT information for RSA Private Keys
* Remove unneeded BC call.
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Prefer known algorithm for known host
(#642, #635... 10? issues)
Try to find the Algorithm that was used when a known_host
entry was created and make that the first choice for the
current connection attempt.
If the current connection algorithm matches the
algorithm used when the known_host entry was created
we can get a fair verification.
* Add support for multiple matching hostkeys, in configuration order
Co-authored-by: Bernie Day <bday@jvncomm.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
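The known-host preference described in the commit above, as an added Python model (not SSHJ code and not part of the commit): it reads the key types stored for a host in known_hosts, including hashed host fields, and moves the matching algorithms to the front of the configured proposal while keeping configuration order. The sample file, host names and the stable-partition reading of "in configuration order" are assumptions; wildcard and negated host patterns are not handled.

```python
import base64, hashlib, hmac

# rsa-sha2-* signatures use keys stored as type "ssh-rsa" (RFC 8332).
RSA_ALGS = {"ssh-rsa", "rsa-sha2-256", "rsa-sha2-512"}

def key_type_of(algorithm):
    """Map a host key algorithm name to the key type stored in known_hosts."""
    return "ssh-rsa" if algorithm in RSA_ALGS else algorithm

def host_matches(field, host):
    """Match plain comma-separated names and hashed |1|salt|hash fields."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return host in field.split(",")

def known_key_types(known_hosts_text, host):
    """Key types stored for host; comment and @marker lines are skipped."""
    types = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host_matches(fields[0], host) and fields[1] not in types:
            types.append(fields[1])
    return types

def order_proposal(configured, known_types):
    """Stable partition: algorithms usable with a stored key go first."""
    preferred = [a for a in configured if key_type_of(a) in known_types]
    return preferred + [a for a in configured if a not in preferred]

def hashed(host, salt=b"constructed-salt-20b"):
    """Build a hashed host field for the constructed sample below."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + "|".join(base64.b64encode(x).decode() for x in (salt, digest))

# Constructed sample; host names and key blobs are placeholders.
SAMPLE = "\n".join([
    "build.example.test ssh-rsa AAAA-PLACEHOLDER-RSA",
    "build.example.test,10.0.0.5 ecdsa-sha2-nistp256 AAAA-PLACEHOLDER-ECDSA",
    hashed("git.example.test") + " ssh-ed25519 AAAA-PLACEHOLDER-ED25519",
    "@cert-authority *.example.test ssh-ed25519 AAAA-PLACEHOLDER-CA",
])
CONFIGURED = ["ssh-ed25519", "ecdsa-sha2-nistp256", "rsa-sha2-512", "ssh-rsa"]

if __name__ == "__main__":
    for h in ("build.example.test", "git.example.test", "new.example.test"):
        print(h, order_proposal(CONFIGURED, known_key_types(SAMPLE, h)))
```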
* Support v3 PuTTY keys
* add test for putty v3 key
* Format PuTTYKeyFile to fix Codacy warnings
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Handle @cert-authority in known_hosts.
* Fix ClassCastException when receiving an ECDSA-CERT host key.
* Mention what exactly is not negotiated.
* Verify host key certificates during key exchange.
* Unit and integration tests for host key verification.
* Show sshd logs when integration test finishes.
* Review fixes: extract to private method, change strings.
* Add key types for ECDSA and ED25519 with certificates to implement publickey auth with those keys.
* Read public key certificates in OpenSSHKeyV1KeyFile.
* Fix ClassCastException in ECDSAVariationsAdapter.isECKeyWithFieldSize.
* Introduce an integration test for publickey auth with certificates.
* Refactor: merge copy-paste from OpenSshKey*File.java into a util class.
* Add the license to KeyWithCertificateSpec.groovy
* Add the license to OpenSSHKeyFileUtil.java
* Support writing unsigned integers to buffer, this is required to support channel ids greater than Integer.MAX_VALUE
fixes hierynomus/sshj#690
* Fix incorrect test
* Fix indentation to make codacy happy
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
- Added an override for copy method, allowing the user to specify whether preserve flag is used in the SCP command.
- Propagated the preserveTime boolean to process method to skip preserveTimeIfPossible when it's not desired
* Support ED25519 PuTTY keys.
Fix #659
* PuTTYKeyFile: Use net.schmizz.sshj.common.Buffer instead of own KeyReader.
A tiny refactoring made in order to allow usage of other utility methods which require Buffer.
* Support ECDSA PuTTY keys.
* Some code cleanup
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>