WIP: Implement support for rsa-sha2-256 key exchange.

[yoyo-danielc]

There doesn't appear to be any way to select different exchange methods depending on what the server supports for the same key, so this commit allows IPrivateKeySource to expose multiple key exchange methods for the same key and will try each one.

Tested on Ubuntu 18.04 and 22.04 with default SSH server config and with only ssh-rsa and rsa-sha2-256 key exchange enabled.

Not sure if this is necessarily the best design to go with, so haven't updated the tests yet.

A simpler approach would be to just replace ssh-rsa with rsa-sha2-256, which would prevent communication with old servers (OpenSSH 7.2 added rsa-sha2-256 support in 2016).

Based on @ml054's work in #825 (comment)

[johnliaoywl]

Hi, I would like to know if there is any update for this one.

[lcheng526]

when the library is going to upgrade to support sha-256 and sha-512?

[lcheng526]

There doesn't appear to be any way to select different exchange methods depending on what the server supports for the same key, so this commit allows IPrivateKeySource to expose multiple key exchange methods for the same key and will try each one.

Tested on Ubuntu 18.04 and 22.04 with default SSH server config and with only ssh-rsa and rsa-sha2-256 key exchange enabled.

Not sure if this is necessarily the best design to go with, so haven't updated the tests yet.

A simpler approach would be to just replace ssh-rsa with rsa-sha2-256, which would prevent communication with old servers (OpenSSH 7.2 added rsa-sha2-256 support in 2016).

Based on @ml054's work in #825 (comment)

Does the solution works? I am getting "Key exchanger negotiation failed" exception. The code is never hitting RsaSha256DigitalSignature class. It always hitting RsaKey class. any reason for this?

[maxx8888]

Same for me, does this solution work? Do i need to change used HMAC Algorithm somehow?

[darkoperator]

A lot of people are hitting this issue.

[mikeblas]

What is preventing this from being merged? Looks like lots of people (me, too!) have this issue: #825 and #956 for example.

[ckdell]

@mikeblas : The build failing is probably the #1 blocker here.

[Videstra]

Yeah - add me to the list of people having problems with this. The temp workaround is to add the following two lines to the end of the /etc/ssh/sshd_config file
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
If you don't have access to edit that file you will need a different library. This appears to be specific to new versions of ubuntu that have deprecated the rsa keys...

[et1975]

Is there an overlap with #1098? @drieseng Any blockers other than rebase to merging this?

[et1975]

This appears to be a pretty big change for the current codebase.

[et1975]

Any guidance @darinkes ?

[phamvietdung]

It's not working for me :((

[Videstra]

It's not working for me :((
If you have access to the server you need to add the following two lines to the end of the /etc/ssh/sshd_config file

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

```If you don't have access to edit that file you will need a different library. 

[phamvietdung]

It's not working for me :((
If you have access to the server you need to add the following two lines to the end of the /etc/ssh/sshd_config file

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

```If you don't have access to edit that file you will need a different library. 

Thanks, but i dont want to change the /etc/ssh/sshd_config or maybe sometime i dont have permission to do this action.

[WojciechNagorski]

We will work on that in near future.

[hhklmc]

same issue here with Kernel version 5.10.50-linux4sam-2021.04+ whilst 4.9 can connect successfully.

[WojciechNagorski]

@hhklmc I've just finished the implementation of rsa-sha-256 here #1177

It would be great if you could confirm that the fix works so that we can release a new version this week.

[hhklmc]

@hhklmc I've just finished the implementation of rsa-sha-256 here #1177

It would be great if you could confirm that the fix works so that we can release a new version this week.

How can I test it, any pre-release package published to nuget or?

[WojciechNagorski]

Currently, we don't have pre-release packages (I know we should have them). The best option is to download the repo, checkout to the branch, add the project to the solution, and reference the project instead of Nuget. This is all for testing purposes only.

git clone https://github.com/Rob-Hague/SSH.NET.git
cd SSH.NET
git checkout rsa-sha2

[hhklmc]

Currently, we don't have pre-release packages (I know we should have them). The best option is to download the repo, checkout to the branch, add the project to the solution, and reference the project instead of Nuget. This is all for testing purposes only.

git clone https://github.com/Rob-Hague/SSH.NET.git
cd SSH.NET
git checkout rsa-sha2

I can confirm that rsa-sha2 branch now works for me. Thank you very much!

[WojciechNagorski]

@hhklmc big thanks for checking. Thanks to it we are closer to release. 😄

[WojciechNagorski]

Fixed by #1177 and #1180

[WojciechNagorski]

Version 2023.0.0 has been published https://www.nuget.org/packages/SSH.NET/2023.0.0