Allow setting hash algorithm to use for signing requests of SSH agent #449
Conversation
|
I think a more flexible solution would be to update the It will need to be updated later anyway to accept an enum of a public key OR certificate later for OpenSSH certificate keys agent auth. |
|
Thanks for the feedback! I'll try to implement your idea tomorrow and see how far I go... |
|
This PR does fix the test (and would close #444)! However, I'm not convinced hardcoding SHA512 (instead of leaving the option to specify the algorithm as @Eugeny suggested) is the best choice here. E.g., what would happen when talking to old systems/SSH servers that may not support it? I fear this could introduce regressions. |
|
(sorry for the conflict, client.rs got moved from |
wiktor-k
force-pushed
the
wiktor-k/use-sha-512-with-rsa
branch
from
ed1399e to
d4e840b
Compare
wiktor-k
changed the title
Fortunately git took care of that seamlessly when rebasing 😅 Okay, I've passed the See if that's more like what you meant and if not I can re-adjust. Thanks for your time! 👋 |
Fixes: Eugeny#444 Fixes: Eugeny#445 Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
wiktor-k
force-pushed
the
wiktor-k/use-sha-512-with-rsa
branch
from
d4e840b to
fe58322
Compare
|
LGTM, thank you! |
This is a suggestion PR that I've tested locally. I'm happy to adjust it in any way you see fit.
@nightmared would it be possible for you to test it, too? (just like in the ticket you've described).
Fixes: #444
Fixes: #445
Note that since I'm using my own agent server implementation and upstream ssh-key has not released a version with some critical fixes such as RustCrypto/SSH#263 making signatures with SHA-1 is totally broken :( so I'd be really happy if something like this has been merged. Thanks for your time! 🙇