ECDSA support

[ChaoticMind]

Are there any plans for ecdsa support?

[mscdex]

Sure, provided node/iojs's crypto interface supports them.

[elbertcastaneda]

I need your help, i have this error when try to connect :

ERROR:nw_shell.cc(335)] Error: Bad packet length
at SSH2Stream._transform

I am using nw 0.12.1 and ssh2 library, this error is showed when the script try connect to ssh server

[mscdex]

@elbertcastaneda Your issue is unrelated to the original issue, please file a new issue here.

[appsforartists]

@mscdex Should I be able to use ecdsa keys with ssh-agent? I've got these two keys:

[email protected]
ecdsa-sha2-nistp256

that result in "Agent key #1 failed" (and #2). These are the handshake protocols I see if I put a logger in DEBUG_NOOP:

diffie-hellman-group-exchange-sha256
ssh-rsa
aes256-ctr
hmac-sha1
none

[mscdex]

@appsforartists No, not currently.

[appsforartists]

@mscdex Thanks and 😢

You mentioned earlier that the blocker was a lack of support in Node's crypto library. I see references to EDSCA in crypto's setEngine method. There's also this library based on the work of Node.js core member @indutny. Do either of those pave the way for ecdsa support in ssh2.js?

[mscdex]

@appsforartists The problem is that node does support ECDSA and other algorithms that might be useful for ssh2, but it's supported at the TLS level. The crypto module itself has to be provide access to those algorithms, which is not always automatic and sometimes requires manual changes to accommodate newer algorithms. I haven't looked recently to see if crypto now provides this kind of access in node v4+ or not.

There are a number of node addons that provide various algorithm implementations, but the problem is just that: they're addons, meaning they require a compiler. One of the goals is to remain "pure js," but this topic has been discussed before. I probably wouldn't mind adding such addons as _optionalDependency_s and possibly falling back to a pure js implementation. The benefit there being that compiled addons would be faster. However, these kinds of changes wouldn't come until configurable algorithms are supported (right now the algorithms and their order are more or less hard coded).

[mscdex]

After further research it looks like ECDSA support has existed in node since the node v0.11.x days. I have added (working) support for it in ssh2/ssh2-streams, but it needs actual tests yet.

[moderndeveloperllc]

Just as a note, EdDSA is now supported with this commit. Not exactly what OP was looking for, but close.

[mscdex]

ECDSA is different than EdDSA. ECDSA has been supported for awhile now. EdDSA will require at least node v12.x (not released as of this writing) for the time being.