Implement ext-info-in-auth@openssh.com extension #562

Open
gnodet opened this issue Jul 26, 2024 · 0 comments
Labels
feature request A request for a new feature

gnodet commented Jul 26, 2024

Description

See https://github.com/openssh/openssh-portable/blob/V_9_8/PROTOCOL#L167-L184

This protocol extension allows the SSH2_MSG_EXT_INFO to be sent
during user authentication. RFC8308 does allow a second
SSH2_MSG_EXT_INFO notification, but it may only be sent at the end
of user authentication and this is too late to signal per-user
server signature algorithms.

Support for receiving the SSH2_MSG_EXT_INFO message during user
authentication is signalled by the client including a
"ext-info-in-auth@openssh.com" key via its initial SSH2_MSG_EXT_INFO
set after the SSH2_MSG_NEWKEYS message.

A server that supports this extension MAY send a second
SSH2_MSG_EXT_INFO message any time after the client's first
SSH2_MSG_USERAUTH_REQUEST, regardless of whether it succeeds or fails.
The client SHOULD be prepared to update the server-sig-algs that
it received during an earlier SSH2_MSG_EXT_INFO with the later one.

Motivation

Even without implementing per-user server signature algorithms, supporting this extension on the server side would bring better support when connecting to OpenSSH servers.

Alternatives considered

No response

Additional context

No response
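
The client-side handling the quoted PROTOCOL text describes, as an added example that is not part of the original issue and is not MINA SSHD or OpenSSH code: it encodes and parses SSH2_MSG_EXT_INFO in the RFC 8308 wire format and replaces an earlier server-sig-algs list with the later one. The `ClientExtState` class, its field names, the sample algorithm lists and the rule that rejects a second message before the first SSH2_MSG_USERAUTH_REQUEST (or a third message) are assumptions made for illustration.

```python
import struct

SSH2_MSG_EXT_INFO = 7                      # message number from RFC 8308
EXT_IN_AUTH = "ext-info-in-auth@openssh.com"

def _string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def build_ext_info(exts: dict) -> bytes:
    """byte 7, uint32 nr-extensions, then (string name, string value) pairs."""
    body = b"".join(_string(k.encode()) + _string(v.encode()) for k, v in exts.items())
    return bytes([SSH2_MSG_EXT_INFO]) + struct.pack(">I", len(exts)) + body

def parse_ext_info(packet: bytes) -> dict:
    """Decode an EXT_INFO payload; truncated or padded input raises ValueError."""
    if len(packet) < 5 or packet[0] != SSH2_MSG_EXT_INFO:
        raise ValueError("not an SSH2_MSG_EXT_INFO payload")
    count, pos, fields = struct.unpack(">I", packet[1:5])[0], 5, []
    for _ in range(2 * count):
        if len(packet) - pos < 4:
            raise ValueError("truncated length field")
        size = struct.unpack(">I", packet[pos:pos + 4])[0]
        pos += 4
        if size > len(packet) - pos:
            raise ValueError("truncated string")
        fields.append(packet[pos:pos + size])
        pos += size
    if pos != len(packet):
        raise ValueError("trailing bytes after last extension")
    return {fields[i].decode("ascii"): fields[i + 1] for i in range(0, len(fields), 2)}

class ClientExtState:
    """Hypothetical client-side tracker (not MINA SSHD's or OpenSSH's API)."""
    def __init__(self):
        self.auth_request_sent = False     # set after first SSH2_MSG_USERAUTH_REQUEST
        self.ext_info_seen = 0
        self.server_sig_algs = None        # None: server has sent no list yet

    def initial_ext_info(self) -> bytes:
        # Sent after SSH2_MSG_NEWKEYS; value "0" is the version string that the
        # linked OpenSSH PROTOCOL section gives for this key.
        return build_ext_info({EXT_IN_AUTH: "0"})

    def on_ext_info(self, packet: bytes) -> None:
        exts = parse_ext_info(packet)
        # Assumed policy: at most two, the second only once authentication began.
        if self.ext_info_seen >= 2 or (self.ext_info_seen == 1 and not self.auth_request_sent):
            raise ValueError("unexpected SSH2_MSG_EXT_INFO")
        self.ext_info_seen += 1
        if "server-sig-algs" in exts:      # the later list replaces the earlier one
            self.server_sig_algs = exts["server-sig-algs"].decode("ascii").split(",")
```
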

@gnodet gnodet added the feature request A request for a new feature label Jul 26, 2024
gnodet added a commit to gnodet/mina-sshd that referenced this issue Jul 26, 2024