bugfix: fix cert auth failed bug #660
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tomaswolf
reviewed
Jan 31, 2025
sshd-core/src/test/java/org/apache/sshd/common/auth/PublicKeyAuthenticationTest.java
Show resolved
Hide resolved
sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/UserAuthPublicKey.java
Outdated
Show resolved
Hide resolved
sshd-core/src/test/java/org/apache/sshd/common/auth/PublicKeyAuthenticationTest.java
Outdated
Show resolved
Hide resolved
liuziyu1226
force-pushed
the
feature/cert-auth
branch
2 times, most recently
from
e18687b to
0bfda76
Compare
Member
|
Thanks for this contribution. We're about to create a new Apache MINA sshd 2.15.0 release. I will defer merging this until after that (so it will be in 2.16.0 then). The problem is that the server side of certificate authentication has many other things missing. As far as I can see the server side doesn't even check the signature in the certificate. |
tomaswolf
force-pushed
the
feature/cert-auth
branch
from
0bfda76 to
0154e56
Compare
Use the certified key to check the signature in server-side pubkey auth. Previous code failed because it mistakenly used the certificate itself, which didn't work because the signer doesn't know about certificates. (In other words: until this fix, pubkey auth at an Apache MINA sshd server always failed with user certificates.)
tomaswolf
force-pushed
the
feature/cert-auth
branch
from
0154e56 to
ca1b7bf
Compare
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #650