Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssh: add support for extension negotiation (rfc 8308) #2

Closed
wants to merge 8 commits into from
Closed

ssh: add support for extension negotiation (rfc 8308) #2

wants to merge 8 commits into from

Conversation

iQQBot
Copy link
Collaborator

@iQQBot iQQBot commented Aug 5, 2022

This PR is cherry-pick from golang#211

@drakkan @iQQBot
ssh: add support for extension negotiation (rfc 8308)
9b8c011 
This is a rebase of the following PR

golang#197

with some changes and improvements:

- added support for client certificate authentication
- removed read loop from server handshake
- adapted extInfoMsg to upstream changes

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
@drakkan @iQQBot
remove the Extension setting
89f3624 
always add ext-info-s to KEX and send the SSH_MSG_EXT_INFO message
if we received ext-info-c from the client

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
@drakkan @iQQBot
add ext-info-s to KEX algorithms only in the first key exchange
602743d 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
@drakkan @iQQBot
remove extInfoSent field
637c5e3 
we already know if this is the first key exchange

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
@drakkan @iQQBot
sendKexInit: evaluate first key exchange only once
b9684c6 
we need it for both client and server

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
@drakkan @iQQBot
improve code comments
6abc756 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
@drakkan @iQQBot
added a shared method to parse extInfoMsgs
fbb69e2 
both client and server side need to parse this message

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
@drakkan @iQQBot
send server-sig-algs using the same order as OpenSSH
e5ad625 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
@akosyakov
Copy link
Member

I will close it for now. We decided to wait for official fix in upstream.

@akosyakov akosyakov closed this Aug 10, 2022
@jeanp413
Copy link
Member

@akosyakov Why the need to wait? I would say this is a blocker to make gitpod-desktop extension GA, we don't know how many users have newer ssh client, without this all users using ubuntu 22.04 which is LTS version and with rsa keys wouldn't be able to connect and the error shown by the ssh client is not really helpful

@akosyakov
Copy link
Member

I think the reasoning was because golang#211 in progress, not something what was approved by authors. I'm not sure about the quality and completeness of the solution. I added to our sync point next monday.

@iQQBot
Copy link
Collaborator Author

iQQBot commented Aug 22, 2022

I think we probably can't wait for the official PR golang#211 merge, on the one hand, this PR hasn't had a new commit for 2 months and the last comment was a month ago, no one knows when it will be merged

Also the latest beta for macOS has upgraded the ssh-client to openssh 9.0 which means the latest macOS 13.0 will have a ton of people having this problem by the time it's released in the fall, so we may have to merge it ourselves and watch for official movement

@iQQBot iQQBot mentioned this pull request Aug 22, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@iQQBot @akosyakov @jeanp413 @drakkan