ed25519 keys not working #352

Closed
brianmhunt opened this issue Nov 5, 2015 · 20 comments

@brianmhunt

Not sure if this is an issue here or upstream, but I just wanted to give a heads up that ed25519 host keys do not appear to be supported.

When running e.g.

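```js
var Client = require('ssh2').Client;

var conn = new Client();
conn.connect({
  host: 'host.local',
  port: 22,
  username: 'bmh',
  // Authenticate through the running ssh-agent
  agent: process.env['SSH_AUTH_SOCK'],
  // Print handshake debug messages, including the host key formats
  debug: console.log
});
```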

The output includes:

```
DEBUG: (local) Host key formats: ssh-rsa,ssh-dss
DEBUG: (remote) Host key formats: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
```

I doubt there's anything on my end (Mac OS X 10.11.1; node 5.0.0; fresh package install of [email protected]); it looks like the support is simply not yet in ssh2-streams. I can re-file a bug there, if that is preferable.

🍻
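
An added example, not part of the original post and not code from ssh2: it parses the two debug lines quoted above and applies the host key selection rule from RFC 4253 section 7.1 to show which format this client ends up with and which server formats it cannot use. The function names are hypothetical, and the key-exchange constraints on the choice are ignored.

```javascript
// Constructed sample: the two debug lines quoted in the issue above.
const SAMPLE_DEBUG = [
  'DEBUG: (local) Host key formats: ssh-rsa,ssh-dss',
  'DEBUG: (remote) Host key formats: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519',
].join('\n');

// Extract the local and remote host key name-lists from debug output.
function parseHostKeyFormats(debugText) {
  const lists = { local: null, remote: null };
  const re = /^DEBUG: \((local|remote)\) Host key formats: (\S+)\s*$/gm;
  let m;
  while ((m = re.exec(debugText)) !== null) {
    lists[m[1]] = m[2].split(',').filter(Boolean);
  }
  if (!lists.local || !lists.remote) {
    throw new Error('host key format lines not found in debug output');
  }
  return lists;
}

// RFC 4253 section 7.1: the first name on the client's list that the server
// also supports is chosen (simplified: ignores key exchange constraints).
// Returns null when there is no common format, in which case the handshake fails.
function negotiateHostKey(clientList, serverList) {
  const serverSet = new Set(serverList);
  const chosen = clientList.find((name) => serverSet.has(name));
  return chosen === undefined ? null : chosen;
}

// Summarize what the client will accept and which server formats it never offers.
function analyzeHostKeyDebug(debugText) {
  const { local, remote } = parseHostKeyFormats(debugText);
  const localSet = new Set(local);
  return {
    negotiated: negotiateHostKey(local, remote),
    notOffered: remote.filter((name) => !localSet.has(name)),
  };
}

const report = analyzeHostKeyDebug(SAMPLE_DEBUG);
console.log('negotiated host key format:', report.negotiated);
console.log('server formats the client does not offer:', report.notOffered.join(','));
```

Against a server whose only host key is ssh-ed25519, the same client list produces `null`, so the connection cannot be established at all rather than falling back to another format.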

@brianmhunt
Author

Notable link on ed25519 support in Node: nodejs/node#2144

Two options:

@mscdex
Owner

mscdex commented Nov 5, 2015

Yes, this is a known issue. The problem though is that the pure js implementations for some of these algorithms that OpenSSL currently does not support are slow.

I think I would only want to start incorporating these pure js algorithm solutions once there is the ability to override the hard-coded list of algorithms, ciphers, etc. This way if someone doesn't want to use the pure js algorithms (for performance reasons), then they can (easily) opt out of that. However, I haven't had time to work on this.

@brianmhunt
Author

Thanks @mscdex

I appreciate the concerns over performance issues and opting out.

As the host key algorithm itself is only run once per connection, the performance of that particular implementation should not be a big concern. That said, I understand why you would want to make sure an opt-out scheme of some sort would be in place before going down this road.

Cheers.

@mscdex
Owner

mscdex commented Feb 27, 2016

FWIW I've just landed ECDSA support in ssh2/ssh2-streams and it works, but will need to write tests for it yet.

I'm still not sure when/if OpenSSL will support ed25519 though. There is an ed25519 issue on OpenSSL's repo here FWIW. There is also another OpenSSL github issue for curve25519 here that is supposedly "in progress" and a related node issue here.

I should also note I would be open to the possibility of having an optionalDependency on a compiled addon that implemented ed* key support.

@stefreak

openssl/openssl#309 says "x25519 is in [OpenSSL] 1.1"

Can this be implemented now? I would appreciate it enormously :)

@mscdex
Owner

mscdex commented Mar 30, 2017

It won't be supported at least until OpenSSL 1.1.x is included in a version of node. See this PR for more information.

@karlhorky

karlhorky commented Jun 25, 2018

I suppose nodejs/node#18770 is the more updated issue now (OpenSSL 1.1.1).

@karlhorky

Oh wait, reading a bit deeper, in that issue there is the line:

> We currently have 1.1.0 support in Node

Looks like this is supported after all now:

Node.js 10: nodejs/node#16130 (comment)
Node.js 8 backport: nodejs/node#18622 (comment)

@Eugeny

Eugeny commented Oct 27, 2018

@mscdex could you please also consider adding an ed25519 PPK parser?

@officiallymarky

Any update on this?
Would be awesome if you could provide support for ed25519

@mscdex
Owner

mscdex commented Jan 18, 2019

Nothing has changed, node doesn't have OpenSSL 1.1.1 yet.

@officiallymarky

> Nothing has changed, node doesn't have OpenSSL 1.1.1 yet.

Looks like it's about to happen.
nodejs/node#25381

@mscdex
Owner

mscdex commented Jan 19, 2019

Right, but it will still take time before it makes it into a release and then into the hands of end users :)

@silverwind

Is this fixed by e40ca05?

@mscdex
Owner

mscdex commented Apr 18, 2019

Kind of, but support in node only exists in node master currently.

@mscdex
Owner

mscdex commented Apr 25, 2019

Full Ed25519 support now available in ssh2 v0.8.3 when used with node v12.0.0.

@AlexandrKravchuk

Hello! I was just wondering if it's possible to use an ed25519-based connection with a node version lower than 12?

@mscdex
Owner

mscdex commented Apr 27, 2020

@AlexandrKravchuk Not without adding some sort of JavaScript-only ed25519 implementation, which I prefer not to do.

@Ayfri

Ayfri commented May 13, 2024

Any update?

@mscdex
Owner

mscdex commented May 13, 2024

> Any update?

On what? You need a version of node that supports ed25519, which equates to node v12.0.0 or newer.
