- Adjusted test classes to work with Apache SSHD 2.8.0
- Upgraded Bouncy Castle from 1.69 to 1.70
- Upgraded Apache SSHD from 2.1.0 to 2.8.0
- Upgraded JUnit from 4.12 to 4.13.2
- Upgraded Mockito from 2.28.2 to 4.2.0
- Upgraded Logback from 1.2.6 to 1.2.9
- Upgraded Apache HTTP Client from 4.5.9 to 4.5.14
* Improve SshdContainer: log `docker build` to stdout, don't wait too long if container exited
* Fix#740: Lean on Config.keyAlgorithms choosing between rsa-sha2-* and ssh-rsa
Previously, there was a heuristic that was choosing rsa-sha2-512 after receiving a host key of type RSA. It didn't work well when a server doesn't have an RSA host key.
OpenSSH 8.8 introduced a breaking change: it removed ssh-rsa from the default list of supported public key signature algorithms. SSHJ was unable to connect to OpenSSH 8.8 server if the server has an EcDSA or Ed25519 host key.
Current behaviour behaves the same as OpenSSH 8.8 client does. SSHJ doesn't try to determine rsa-sha2-* support on the fly. Instead, it looks only on `Config.getKeyAlgorithms()`, which may or may not contain ssh-rsa and rsa-sha2-* in any order.
Sorry, this commit mostly reverts changes from #607.
* Introduce ConfigImpl.prioritizeSshRsaKeyAlgorithm to deal with broken backward compatibility
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Fix: if the client knows CA key, it should send host key algo proposal for certificates
* Run specific SSH server in KeyWithCertificateSpec
Required to verify the case with wrong host key algorithm proposals. See #733
* Split KeyWithCertificateSpec into HostKeyWithCertificateSpec and PublicKeyAuthWithCertificateSpec
Prevents from starting unnecessary SSHD containers, making the tests run a bit faster when they are launched separately.
* Replace abstract class IntegrationBaseSpec with composition through IntegrationTestUtil
* Switch to testcontainers in integration tests
It allows running different SSH servers with different configurations in tests, giving ability to cover more bugs, like mentioned in #733.
* full support for encrypted PuTTY v3 files (Argon2 library not included)
* simplified the PuTTYKeyDerivation interface and provided an abstract PuTTYArgon2 class for an easy Argon2 integration
* use Argon2 implementation from Bouncy Castle
* missing license header added
* license header again
* unit tests extended to cover all Argon2 variants and non-standard Argon2 parameters; verify the loaded keys
* Enable renaming with flags
The SFTP protocol allows to rename files by specifying
extra flags:
- OVERWRITE
- ATOMIC
- NATIVE
The flags are exposed through a new RenameFlags enum and
can be passed as parameters to the rename() method in
SFTPClient/SFTPEngine.
Relates to #563
* Update RenameFlags.java
* Update RenameFlags.java
* Align license header with all other files
* Make RenameFlags parameter in line with OpenMode(s)
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Update OpenSSH Key V1 parsing using CRT information for RSA Private Keys
* Remove unndeeded BC call.
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Prefer known algorithm for known host
(#642, #635... 10? issues)
Try to find the Algorithm that was used when a known_host
entry was created and make that the first choice for the
current connection attempt.
If the current connection algorithm matches the
algorithm used when the known_host entry was created
we can get a fair verification.
* Add support for multiple matching hostkeys, in configuration order
Co-authored-by: Bernie Day <bday@jvncomm.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Support v3 PuTTY keys
* add test for putty v3 key
* Format PuTTYKeyFile to fix Codacy warnings
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Handle @cert-authority in known_hosts.
* Fix ClassCastException when receiving an ECDSA-CERT host key.
* Mention what exactly is not negotiated.
* Verify host key certificates during key exchange.
* Unit and integration tests for host key verification.
* Show sshd logs when integration test finishes.
* Review fixes: extract to private method, change strings.
* Add key types for ECDSA and ED25519 with certificates to implement publickey auth with that keys.
* Read public key certificates in OpenSSHKeyV1KeyFile.
* Fix ClassCastException in ECDSAVariationsAdapter.isECKeyWithFieldSize.
* Introduce an integration test for publickey auth with certificates.
* Refactor: merge copy-paste from OpenSshKey*File.java into an util class.
* Add the license to KeyWithCertificateSpec.groovy
* Add the license to OpenSSHKeyFileUtil.java
* Support writing unsigned integers to buffer, this is required to support channel ids greater than Integer.MAX_VALUE
fixeshierynomus/sshj#690
* Fix incorrect test
* Fix indentation to make codacy happy
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
- Added an override for copy method, allowing the user to specify whether preserve flag is used in the SCP command.
- Propagated the preserveTime boolean to process method to skip preserveTimeIfPossible when it's not desired
* Support ED25519 PuTTY keys.
Fix#659
* PuTTYKeyFile: Use net.schmizz.sshj.common.Buffer instead of own KeyReader.
A tiny refactoring made in order to allow usage of other utility methods which require Buffer.
* Support ECDSA PuTTY keys.
* Some code cleanup
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Loop through security providers to check for BC
Instead of only counting BouncyCastle as being registered if it
is set as the explicit security provider used by SSHJ, count it as
registered if it is available as a provider.
This commit improves Android compatibility, which requires not
specifying an explicit provider.
* Generify BC-specific curve specifiers
The ECNamendCurveGenParameterSpec is a BC-specific workaround for
missing curve tables in Java 1.4 and earlier. For the sake of Android
compatibility, where Conscrypt can't deal with this custom spec class,
replace it with the standard ECGenParameterSpec and update the curve
names to the standard identifiers.
* Implement AES-GCM cipher support
Fixes#217.
A port of AES-GCM cipher support from Apache MINA-SSHD, based on https://github.com/apache/mina-sshd/pull/132.
Included tests for decoding SSH packets sent from Apache MINA-SSHD and OpenSSH (Version 7.9p1 as used by Debian 10).
Manual tests also done on OpenSSH server 7.9p1 running Debian 10 with its available ciphers, including 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com and aes256-gcm@openssh.com.
* Changes per PR feedback
- Fixed variable/statement whitespaces and add back missing braces per coding standard requirement
- Moved Buffer.putLong() and Buffer.getLong() into GcmCipher.CounterGCMParameterSpec since it's the only user
- Moved BaseCipher.authSize into GcmCipher since it is the only cipher that would return a non-zero. BaseCipher will keep return 0 instead
- Made BaseCipher.cipher protected instead of making it publicly accessible
- Combined the three decoding modes in Decoder.decode() into one single method, to reduce code duplication
- Added integration test for the ciphers, along with the newly implemented AES-GCM ciphers
In some cases, current code will leak parts or even the whole ssh key if it's slightly malformed.
One example of that malformation will be a key, where all newlines are replaced by other character, thus turning a multiline key to a single big string.
Then that whole line will be leaked to exception message.
* Fix RSA certificate key determination.
Fixes#599.
* Correct serialization of RSA certificates with unlimited dates.
* The test for connecting with RSA certificate.
* Remove redundant change in TransportImpl.java
* Add forgotten test keys.
* Make net.schmizz.sshj.common.KeyType.CertUtils.epochFromDate readable.
Co-authored-by: Vladimir Lagunov <vladimir.lagunov@jetbrains.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Fix matching of pubkeys to key algorithms
Allow all configured key algorithms for pubkey authentication, even if
these algorithms are not supported as host key algorithms by the
server.
Preference is given to the modern rsa-sha2-* signature algorithms if
the server indicates support for them as host keys signature
algorithms.
* Replace Boolean with primitive boolean
* Add integration tests for ecdsa-sha2-nistp384/521
* Remove redundant import
* Clean up Transport interface
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
SignatureECDSA.encode() does not correctly handle signatures longer
than 128 bytes, which affects signatures using the nistp521 curve.
This commits fixes the issue by replacing the ad-hoc ASN.1 DER
parsing with a use of ASN1InputStream.
Some SSH servers will not honor the negotiated rsa-sha2-256 algorithms
if the client does not indicate support for SSH_MSG_EXT_INFO messages.
Since we only need to accept these messages, but are free to ignore
their contents, adding support amounts to sending "ext-info-c" with our
kex algorithm proposal.
