Authenticate with ssh-rsa by default (#1283)
Rob-Hague authored Dec 28, 2023
1 parent e7a64dd commit 2b53e46
Showing 3 changed files with 9 additions and 7 deletions.
6 changes: 3 additions & 3 deletions src/Renci.SshNet/PrivateKeyFile.cs
@@ -250,11 +250,11 @@ private void Open(Stream privateKey, string passPhrase)
case "RSA":
var rsaKey = new RsaKey(decryptedData);
_key = rsaKey;
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
#pragma warning disable CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(rsaKey, HashAlgorithmName.SHA512)));
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(rsaKey, HashAlgorithmName.SHA256)));
#pragma warning restore CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
break;
case "DSA":
_key = new DsaKey(decryptedData);
@@ -268,11 +268,11 @@ private void Open(Stream privateKey, string passPhrase)
_key = ParseOpenSshV1Key(decryptedData, passPhrase);
if (_key is RsaKey parsedRsaKey)
{
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
#pragma warning disable CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(parsedRsaKey, HashAlgorithmName.SHA512)));
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(parsedRsaKey, HashAlgorithmName.SHA256)));
#pragma warning restore CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
}
else
{
@@ -337,11 +337,11 @@ private void Open(Stream privateKey, string passPhrase)
var p = reader.ReadBigIntWithBits(); // q
var decryptedRsaKey = new RsaKey(modulus, exponent, d, p, q, inverseQ);
_key = decryptedRsaKey;
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
#pragma warning disable CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(decryptedRsaKey, HashAlgorithmName.SHA512)));
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(decryptedRsaKey, HashAlgorithmName.SHA256)));
#pragma warning restore CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
}
else if (keyType == "dl-modp{sign{dsa-nist-sha1},dh{plain}}")
{
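Review bot: The order of `_hostAlgorithms` is now security-relevant, and none of the three `Add` sites says so: judging by the commit title and the updated test, the first entry is the algorithm offered first during public-key authentication, though the code that consumes the list is not visible here. With `ssh-rsa` (RSA with SHA-1) ahead of `rsa-sha2-512` and `rsa-sha2-256`, a client on the defaults signs with SHA-1 whenever the server still accepts it, and fails its first attempt against servers that have disabled `ssh-rsa`. I would add a comment at each site such as `// Order matters: the first entry is tried first; ssh-rsa (SHA-1) stays first for compatibility, see issue #1233`, and document how a caller that wants SHA-2 signatures selects them from `HostKeyAlgorithms`. The same five lines are repeated in the `rsaKey`, `parsedRsaKey` and `decryptedRsaKey` branches, so a small private helper taking the `RsaKey` would keep the order from drifting between key formats. `Open` starts and ends outside these hunks.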
@@ -88,7 +88,7 @@ private static KeyHostAlgorithm GetKeyHostAlgorithm()
using (var s = GetData("Key.RSA.txt"))
{
var privateKey = new PrivateKeyFile(s);
return (KeyHostAlgorithm)privateKey.HostKeyAlgorithms.First();
return (KeyHostAlgorithm)privateKey.HostKeyAlgorithms.Single(x => x.Name == "rsa-sha2-512");
}
}

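--- a/test/Renci.SshNet.Tests/Classes/PrivateKeyFileTest.cs
+++ b/test/Renci.SshNet.Tests/Classes/PrivateKeyFileTest.cs
@@ -687,9 +687,11 @@ private static void TestRsaKeyFile(PrivateKeyFile rsaPrivateKeyFile)
 
 var algorithms = rsaPrivateKeyFile.HostKeyAlgorithms.ToList();
 
-Assert.AreEqual("rsa-sha2-512", algorithms[0].Name);
-Assert.AreEqual("rsa-sha2-256", algorithms[1].Name);
-Assert.AreEqual("ssh-rsa", algorithms[2].Name);
+// ssh-rsa should be attempted first during authentication by default.
+// See https://github.com/sshnet/SSH.NET/issues/1233#issuecomment-1871196405
+Assert.AreEqual("ssh-rsa", algorithms[0].Name);
+Assert.AreEqual("rsa-sha2-512", algorithms[1].Name);
+Assert.AreEqual("rsa-sha2-256", algorithms[2].Name);
 }
 }
 }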
