Support ed25519 keys #674
Support for SFTP is written in Java, check src/plugins/sftp. If you know java
you can help me with that.
Thank you,
Ajit Kumar
…On Thu, Mar 30, 2023, 12:20 AM Brian Hughes ***@***.***> wrote:
Using an ed25519 key for ssh connection on an SFTP data source produces an
error dialog saying ssh-ed25519 is explicitly not supported. It's 2023 and
support for ed25519 should be available in most libraries.
I'm not very familiar with JavaScript dependencies but surely something
can be updated to support the current ssh standard?
|
I do know java, but I do not know android or cordova or yarn.

It looks like it is missing the recommended bouncycastle dependencies for the maverick ssh client which is the client used by the sftp plugin.

Adding the recommended dependency causes the "jettify" process to fail. There is supposed to be a workaround to exclude the jar from the jettify process but I could not figure out how to make it work in this repo which does not use gradle directly. So I needed to add a different version of the bouncycastle jars and exclude the broken version.

After doing this the process gets further but complains "Ed25519 KeyFactory is not available".

There is also another support article from maverick which mentions another jar is needed for ed25519 support, but it's a weird snapshot jar and adding it does not seem to impact the behaviour of the ssh client, I get the same "Ed25519 KeyFactory is not available" message. I am not convinced this is necessary based on what I can read in the other codebases, but the page seemed fairly authoritative.

So at this point I am somewhat stuck unless I can find out where that error message is coming from. Unfortunately I could not figure out how to get the project to run via AndroidStudio so I could not use a debugger to trace the source of the error and I cannot find that error message in the source code for bouncycastle or maverick.

I will describe my changes below since they are pretty simple, I could push a branch but it doesn't work anyway.

src/plugins/sftp/plugin.xml:

```xml
<framework src="commons-io:commons-io:2.11.0" />
<framework src="com.sshtools:maverick-synergy-client:3.0.10" />
<framework src="com.sshtools:maverick-bc:3.0.10" />
<framework src="org.bouncycastle:bcprov-jdk15to18:1.72" />
<framework src="org.bouncycastle:bcpkix-jdk15to18:1.72" />
<framework src="com.sshtools:maverick-ed25519:3.0.0-SNAPSHOT" />
```

src/plugins/sftp/src/.../Stfp.java (at the end of the

```java
JCEProvider.enableBouncyCastle(true);
```

build-extras.gradle:

```groovy
repositories {
    // Snapshot repository, restricted to the maverick-ed25519 module
    maven {
        name "oss-snapshots"
        url "https://oss.sonatype.org/content/repositories/snapshots/"
        mavenContent {
            snapshotsOnly()
            includeModule("com.sshtools", "maverick-ed25519")
        }
    }
}
configurations {
    all {
        exclude module: 'commons-logging'
        // Exclude the jdk15on BouncyCastle jars; plugin.xml declares the jdk15to18 ones
        exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
        exclude group: 'org.bouncycastle', module: 'bcpkix-jdk15on'
    }
}
```

|
also I tried the |
Thanks for the try you gave... I'll try again with what you have explained
in the mail.
Wait for the update and thank you for the idea.
Regards,
Ajit Kumar
…On Mon, Apr 3, 2023, 7:25 AM Brian Hughes ***@***.***> wrote:
I do know java, but I do not know android or cordova or yarn.
It looks like it is missing the recommended bouncycastle dependencies for
the maverick ssh client
<https://jadaptive.com/app/manpage/en/article/1570724> which is the
client used by the sftp plugin.
Adding the recommended dependency causes the "jettify" process to fail.
There is supposed to be a workaround to exclude the jar from the jettify
process <https://stackoverflow.com/a/69005474/27739> but I could not
figure out how to make it work in this repo which does not use gradle
directly. So I needed to add a different version of the bouncycastle jars
and exclude the broken version.
After doing this the process gets further but complains "Ed25519
KeyFactory is not available".
There is also another support article from maverick which mentions
another jar is needed for ed25519 support
<https://jadaptive.com/app/manpage/en/article/1569490>, but it's a weird
snapshot jar and adding it does not seem to impact the behaviour of the ssh
client, I get the same "Ed25519 KeyFactory is not available" message. I am
not convinced this is necessary based on what I can read in the other
codebases, but the page seemed fairly authoritative.
So at this point I am somewhat stuck unless I can find out where that
error message is coming from. Unfortunately I could not figure out how to
get the project to run via AndroidStudio so I could not use a debugger to
trace the source of the error and I cannot find that error message in the
source code for bouncycastle or maverick.
|
Thanks, if I get enough free time maybe I can set up a vanilla java test program to debug the behaviour; but I'm worried the differences between the android JRE and my local test will make the results meaningless. |
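A stand-alone check of the kind mentioned in the comment above, added here as an example (it is not code from this thread, from the project, or from Maverick or BouncyCastle): it lists every registered JCA provider with the Ed25519 services it offers, then registers the bundled BouncyCastle provider and repeats the lookup. The class name `Ed25519ProviderCheck` is hypothetical, and it is an assumption that the "Ed25519 KeyFactory is not available" message comes from a JCA `KeyFactory` lookup that a provider already registered under the name `BC` can shadow.

```java
import java.security.KeyFactory;
import java.security.Provider;
import java.security.Security;

// Added diagnostic, not project code. Class name is hypothetical.
public class Ed25519ProviderCheck {
    // JCA services an SSH client needs for ssh-ed25519 public-key authentication.
    static final String[][] SERVICES = {{"KeyFactory", "Ed25519"}, {"Signature", "Ed25519"}};

    static void report(String title) {
        System.out.println("== " + title);
        for (Provider p : Security.getProviders()) {
            StringBuilder found = new StringBuilder();
            for (String[] s : SERVICES) {
                if (p.getService(s[0], s[1]) != null) found.append(' ').append(s[0]);
            }
            System.out.println(p.getName() + " (" + p.getClass().getName() + "):"
                    + (found.length() == 0 ? " no Ed25519 services" : found.toString()));
        }
        try {
            // The lookup walks the provider list in order; the first match wins.
            KeyFactory kf = KeyFactory.getInstance("Ed25519");
            System.out.println("default lookup -> " + kf.getProvider().getName());
        } catch (Exception e) {
            System.out.println("default lookup failed: " + e);
        }
    }

    public static void main(String[] args) throws Exception {
        report("providers as shipped");
        Provider full;
        try {
            // Loaded reflectively so the check also compiles without bcprov on the classpath.
            full = (Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider")
                    .getDeclaredConstructor().newInstance();
        } catch (ClassNotFoundException e) {
            System.out.println("bcprov is not on the classpath");
            return;
        }
        // addProvider returns -1 when a provider with the same name is already installed,
        // in which case the bundled jar is never consulted until the old entry is replaced.
        int pos = Security.addProvider(full);
        if (pos == -1) {
            Security.removeProvider(full.getName());
            Security.insertProviderAt(full, 1);
        }
        report(pos == -1 ? "after replacing the pre-installed provider" : "after adding at " + pos);
    }
}
```

On a desktop JDK 15 or later the default lookup already succeeds through the built-in provider, so the same calls need to run inside the app to show what the Android runtime resolves.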
Is there any update? I don't want to enable RSA keys again on our SFTP hosts. |
Try running

Currently I cannot build the app with @gnomed's setup. Can somebody test it? If so, post the logs down below.

I also have similar issues where it cannot connect to servers with only certain key exchange algorithms enabled, notably Curve25519 (#985).

Another alternative is to just switch from Maverick SSH Library to something else that doesn't involve adding BouncyCastle (or any other problematic dependencies).

One example is https://github.com/mwiede/jsch (JSCH fork; for ed25519 support Java 15+ is required, if not add BouncyCastle, which in this case is a little bit broken and requires workaround).

Another example is Apache Mina SSHD (it supports SFTP) which uses ed25519-java library to support ed25519, but: https://github.com/apache/mina-sshd/blob/master/docs/standards.md#key-exchange

Or just include a native library for the ssh/sftp implementation.

Also this article might be relevant, where the built-in Android BouncyCastle implementations of many algorithms were deprecated:

Related SO Answer: https://stackoverflow.com/a/66323575 |
Using an ed25519 key for ssh connection on an SFTP data source produces an error dialog saying ssh-ed25519 is explicitly not supported. It's 2023 and support for ed25519 should be available in most libraries.
I'm not very familiar with JavaScript dependencies but surely something can be updated to support the current ssh standard?