Advertise OpenSSH certificate support in host key algorithms#226
Open
jeffellin wants to merge 2 commits intoapple:mainfrom
Open
Advertise OpenSSH certificate support in host key algorithms#226jeffellin wants to merge 2 commits intoapple:mainfrom
jeffellin wants to merge 2 commits intoapple:mainfrom
Conversation
Motivation: NIOSSH supports OpenSSH certificates (ssh-*-cert-v01@openssh.com) for authentication but fails to advertise these algorithm names during key exchange and user authentication. This causes SSH servers to reject certificate-based authentication even though NIOSSH can correctly parse and use certificates. During SSH protocol negotiation, clients must advertise all supported public key algorithms. NIOSSH was only advertising base algorithm names (ssh-ed25519, ecdsa-sha2-nistp256, etc.) and omitting certificate algorithm names (*-cert-v01@openssh.com), making certificate authentication impossible. Modifications: - NIOSSHPrivateKey.hostKeyAlgorithms: Include both certificate and base algorithm names for each key type (e.g., ["ssh-ed25519-cert-v01@openssh.com", "ssh-ed25519"]) - Update SSHKeyExchangeStateMachineTests to account for doubled algorithm count (cert + base per key type) This matches OpenSSH client behavior which advertises both certificate and base algorithms for all supported key types. Result: NIOSSH can now successfully use OpenSSH certificates for authentication. Servers that require certificate authentication will see the certificate algorithm names advertised and accept cert-based auth. Servers that don't support certificates will continue using base algorithms. This enables certificate-based authentication with enterprise SSH servers, bastion hosts, and zero-trust architectures.
Complete the certificate advertising fix by updating the client-side host key algorithm list used during SSH key exchange negotiation. The previous commit updated NIOSSHPrivateKey.hostKeyAlgorithms which is used by SSH servers. However, SSH clients use a separate static array (supportedServerHostKeyAlgorithms) during KEXINIT negotiation. Without this fix, clients advertise only base algorithms: [ssh-ed25519, ecdsa-sha2-nistp256, ...] With this fix, clients advertise both certificate and base algorithms: [ssh-ed25519-cert-v01@openssh.com, ssh-ed25519, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp256, ...] This allows successful key exchange with servers that require or prefer OpenSSH certificates for authentication. Fixes the error: "no common algorithm for host key; we offered: [cert algorithms], peer offered: [base algorithms only]"
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Advertise OpenSSH certificate support in host key algorithms
Fixes #225
Summary
This PR enables NIOSSH to advertise support for OpenSSH certificates during key exchange and user authentication. While NIOSSH has always been able to parse and use OpenSSH certificates, it was not advertising the certificate algorithm names (
ssh-*-cert-v01@openssh.com), causing SSH servers to reject certificate-based authentication.Changes
Modified Files
Sources/NIOSSH/Keys And Signatures/NIOSSHPrivateKey.swift(lines 62-77)hostKeyAlgorithmsto return both certificate and base algorithm names for each key type["ssh-ed25519-cert-v01@openssh.com", "ssh-ed25519"]Tests/NIOSSHTests/SSHKeyExchangeStateMachineTests.swift(lines 890, 941)testKeyExchangeDifferentPriorityBetweenServerAndClientto expect 4 algorithms (2 keys × 2 algorithms each).firstto.lastto access base algorithm name instead of certificate variantMotivation
During SSH protocol negotiation, clients must advertise all supported public key algorithms in the
SSH_MSG_KEXINITmessage. NIOSSH was only advertising base algorithm names (e.g.,ssh-ed25519,ecdsa-sha2-nistp256) and omitting certificate algorithm names (e.g.,ssh-ed25519-cert-v01@openssh.com).This prevented certificate-based authentication from working even though NIOSSH has full support for parsing and using OpenSSH certificates. SSH servers would reject certificate authentication because the client never advertised certificate algorithm support.
This change matches OpenSSH client behavior, which advertises both certificate and base algorithms for all supported key types.
Impact
Enables certificate authentication with:
Maintains backward compatibility:
Testing
testKeyExchangeDifferentPriorityBetweenServerAndClientto reflect doubled algorithm countReferences
NIOSSHCertifiedPublicKey.swiftlines 344-350 (defines cert algorithm names)