mwiede / jsch

fork of the popular jsch library

Signed Certificate fail authentication #386

Closed williancolognesitrimble closed 11 months ago

williancolognesitrimble commented 1 year ago

Hello,

I've been trying to connect over SSH to a server with a signed SSH certificate and private key. I've already tried different ways in jsch but couldn't make it work.

The OpenSSH client authentication is working fine with the same keys; here is the log:

 ssh -i id_rsa -o CertificateFile=id_rsa-cert.pub username@18.xx.xx.xx -vvv                
OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/wcologn/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 18.xx.xx.xx is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/wcologn/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/wcologn/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 18.xx.xx.xx [18.xx.xx.xx] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file id_rsa type 3
debug1: certificate file id_rsa-cert.pub type 7
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.6
debug1: compat_banner: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.6 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 18.xx.xx.xx:22 as 'username'
debug3: record_hostkey: found key type ECDSA in file /home/wcologn/.ssh/known_hosts:688
debug3: load_hostkeys_file: loaded 1 keys from 18.xx.xx.xx
debug1: load_hostkeys: fopen /home/wcologn/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp256
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:tylKakCGl+mZQ/JYvA0bBqiVz0is9lpcSDocxKg7ZqE
debug3: record_hostkey: found key type ECDSA in file /home/wcologn/.ssh/known_hosts:688
debug3: load_hostkeys_file: loaded 1 keys from 18.xx.xx.xx
debug1: load_hostkeys: fopen /home/wcologn/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '18.xx.xx.xx' is known and matches the ECDSA host key.
debug1: Found key in /home/wcologn/.ssh/known_hosts:688
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: id_rsa-cert.pub ED25519-CERT SHA256:YsyZ1Zl4lS1k0eGfxxxxxxx explicit
debug1: Will attempt key: id_rsa ED25519 SHA256:YsyZ1Zl4lS1k0exxxxxxx explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: id_rsa-cert.pub ED25519-CERT SHA256:YsyZ1Zl4lS1k0eGfrtluro9tiW0IB8T7bAoRHsojEAE explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: id_rsa-cert.pub ED25519-CERT SHA256:YsyZ1Zl4lS1k0eGfrtluro9tiW0IB8T7bAoRHsojEAE explicit
debug3: sign_and_send_pubkey: using publickey with ED25519-CERT SHA256:YsyZ1Zl4lS1k0eGfrtluro9tiW0IB8T7bAoRHsojEAE
debug2: sign_and_send_pubkey: using private key "id_rsa" for certificate
debug3: sign_and_send_pubkey: signing using ssh-ed25519-cert-v01@openssh.com SHA256:YsyZ1Zl4lS1k0eGfrtluro9tiW0IB8T7bAoRHsojEAE
debug3: send packet: type 50
debug3: receive packet: type 52
Authenticated to 18.xx.xx.xx ([18.xx.xx.xx]:22) using "publickey".
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: filesystem
debug2: client_check_window_change: changed
debug2: client_check_window_change: changed
debug2: client_check_window_change: changed
debug2: client_check_window_change: changed
debug2: client_check_window_change: changed
debug2: client_check_window_change: changed
debug2: client_check_window_change: changed
debug2: client_check_window_change: changed
debug2: client_check_window_change: changed
debug2: client_check_window_change: changed
debug2: client_check_window_change: changed
debug2: client_check_window_change: changed
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: client_input_hostkeys: received RSA key SHA256:AEuhm/1MiuCAmTFGthIRfDjxxx
debug3: client_input_hostkeys: received DSA key SHA256:uZ/R48mPEp3FDsda//dvPUDxxx/xxx
debug3: client_input_hostkeys: ssh-dss key not permitted by HostkeyAlgorithms
debug3: client_input_hostkeys: received ECDSA key SHA256:tylKakCGl+mZQ/JYvA0bBqiVxxx
debug3: client_input_hostkeys: received ED25519 key SHA256:/p7lZw5ZDixXzN9uDpgN6Bxxx
debug1: client_input_hostkeys: searching /home/wcologn/.ssh/known_hosts for 18.xx.xx.xx / (none)
debug3: hostkeys_foreach: reading file "/home/wcologn/.ssh/known_hosts"
debug3: hostkeys_find: found ecdsa-sha2-nistp256 key at /home/wcologn/.ssh/known_hosts:688
debug3: hostkeys_find: found ecdsa-sha2-nistp256 key under different name/addr at /home/wcologn/.ssh/known_hosts:805
debug1: client_input_hostkeys: searching /home/wcologn/.ssh/known_hosts2 for 18.xx.xx.xx / (none)
debug1: client_input_hostkeys: hostkeys file /home/wcologn/.ssh/known_hosts2 does not exist
debug3: client_input_hostkeys: 3 server keys: 2 new, 18446744073709551615 retained, 2 incomplete match. 0 to remove
debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env PATH
debug3: Ignored env XAUTHORITY
debug3: Ignored env XMODIFIERS
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env GDMSESSION
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env QT_IM_MODULE
debug3: Ignored env I3SOCK
debug3: Ignored env GTK_IM_MODULE
debug3: Ignored env TERM
debug3: Ignored env XDG_CONFIG_DIRS
debug1: channel 0: setting env LANG = "en_US.UTF-8"
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env FIG_JETBRAINS_SHELL_INTEGRATION
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_SESSION_TYPE
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env DISPLAY
debug3: Ignored env USERNAME
debug3: Ignored env LOGNAME
debug3: Ignored env PWD
debug3: Ignored env XDG_SESSION_CLASS
debug3: Ignored env SHELL
debug3: Ignored env GPG_AGENT_INFO
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env USER
debug3: Ignored env DESKTOP_STARTUP_ID
debug3: Ignored env QT_ACCESSIBILITY
debug3: Ignored env WINDOWPATH
debug3: Ignored env TERMINAL_EMULATOR
debug3: Ignored env GTK_MODULES
debug3: Ignored env XDG_SEAT
debug3: Ignored env CLUTTER_IM_MODULE
debug3: Ignored env TERM_SESSION_ID
debug3: Ignored env SYSTEMD_EXEC_PID
debug3: Ignored env XDG_VTNR
debug3: Ignored env XDG_SESSION_DESKTOP
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env HOME
debug3: Ignored env SHLVL
debug3: Ignored env OLDPWD
debug3: Ignored env ZSH
debug3: Ignored env PAGER
debug3: Ignored env LESS
debug3: Ignored env LSCOLORS
debug3: Ignored env LS_COLORS
debug3: Ignored env NVM_DIR
debug3: Ignored env NVM_CD_FLAGS
debug3: Ignored env NVM_BIN
debug3: Ignored env NVM_INC
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 5.4.0-1081-aws x86_64)

But when I try with jsch here is the log:

import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;
import java.io.File;
import java.nio.file.Files;

File privKey = new File("id_rsa");
File pubKeySigned = new File("id_rsa-cert.pub");
byte[] privKeyBytes = Files.readAllBytes(privKey.toPath());
byte[] pubKeySignedBytes = Files.readAllBytes(pubKeySigned.toPath());

JSch jsch = new JSch();
// Arguments: name, private key bytes, public key bytes (here the signed certificate), passphrase
jsch.addIdentity("id_rsa", privKeyBytes, pubKeySignedBytes, null);

Session session = jsch.getSession("username", "18.xx.xx.xx", 22);
session.setConfig("StrictHostKeyChecking", "no");

session.connect(); // error here.

[1]: Connecting to 18.xx.xx.xx port 22
[1]: Connection established
[1]: Remote version string: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.6
[1]: Local version string: SSH-2.0-JSCH_0.2.11
[1]: CheckCiphers: chacha20-poly1305@openssh.com
[1]: CheckKexes: curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512
[1]: CheckSignatures: ssh-ed25519,ssh-ed448
[0]: server_host_key proposal before known_host reordering is: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
[0]: server_host_key proposal after known_host reordering is: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
[1]: SSH_MSG_KEXINIT sent
[1]: SSH_MSG_KEXINIT received
[1]: server proposal: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
[1]: server proposal: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
[1]: server proposal: ciphers c2s: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[1]: server proposal: ciphers s2c: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[1]: server proposal: MACs c2s: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[1]: server proposal: MACs s2c: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[1]: server proposal: compression c2s: none,zlib@openssh.com
[1]: server proposal: compression s2c: none,zlib@openssh.com
[1]: server proposal: languages c2s: 
[1]: server proposal: languages s2c: 
[1]: client proposal: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
[1]: client proposal: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
[1]: client proposal: ciphers c2s: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[1]: client proposal: ciphers s2c: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[1]: client proposal: MACs c2s: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[1]: client proposal: MACs s2c: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[1]: client proposal: compression c2s: none
[1]: client proposal: compression s2c: none
[1]: client proposal: languages c2s: 
[1]: client proposal: languages s2c: 
[1]: kex: algorithm: curve25519-sha256
[1]: kex: host key algorithm: ssh-ed25519
[1]: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
[1]: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
[1]: SSH_MSG_KEX_ECDH_INIT sent
[1]: expecting SSH_MSG_KEX_ECDH_REPLY
[1]: ssh_eddsa_verify: ssh-ed25519 signature true
[2]: Permanently added '18.xx.xx.xx' (EDDSA) to the list of known hosts.
[1]: SSH_MSG_NEWKEYS sent
[1]: SSH_MSG_NEWKEYS received
[1]: SSH_MSG_SERVICE_REQUEST sent
[1]: SSH_MSG_EXT_INFO received
[1]: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
[1]: SSH_MSG_SERVICE_ACCEPT received
[1]: Authentications that can continue: publickey,keyboard-interactive,password
[1]: Next authentication method: publickey
[0]: PubkeyAcceptedAlgorithms = ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
[0]: PubkeyAcceptedAlgorithms in server-sig-algs = [ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, rsa-sha2-256]
[0]: ssh-ed25519 preauth failure
[1]: Authentications that can continue: password
[1]: Next authentication method: password
[1]: Disconnecting from 18.xx.xx.xx port 22
Auth fail for methods 'publickey,password'

Here are the details for the SSH key:

# ssh-keygen -L -f id_rsa-cert.pub 
id_rsa-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com user certificate
        Public key: ED25519-CERT SHA256:YsyZ1Zl4lS1k0eGfrtlxxxx
        Signing CA: RSA SHA256:BgRln1Rxxxx (using rsa-sha2-512)
        Key ID: "vault-jwt-username@mail.com-62cc99d59978952d64d1e19faxxxxxx"
        Serial: 169151107000000000000
        Valid: from 2023-09-11T09:57:20 to 2023-09-11T10:27:50
        Principals: 
                username
        Critical Options: (none)
        Extensions: 
                permit-pty
# ssh-keygen -l -f id_rsa         
256 SHA256:YsyZ1Zl4lS1k0eGfrtluro9tiW0IB8T7bAoRHsojEAE id_rsa.pub (ED25519) 

Any thoughts on that?

norrisjeremy commented 1 year ago

Hi @williancolognesitrimble,

JSch does not yet support OpenSSH certificates. See #31.

Thanks, Jeremy

williancolognesitrimble commented 1 year ago

Do you know any workaround for this, @norrisjeremy?

norrisjeremy commented 1 year ago

Hi @williancolognesitrimble,

You will either need to use traditional SSH keys, or we are happy to review pull requests that would implement the feature in JSch.

Thanks, Jeremy
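
The JSch log above prints a `PubkeyAcceptedAlgorithms` list with no `-cert-v01@openssh.com` entry, while `ssh-keygen -L` reports the public file as `ssh-ed25519-cert-v01@openssh.com`. The following is an added example, not code from this issue or from the JSch project: it reads the algorithm name out of an OpenSSH public-key file and reports that mismatch before any connection is attempted. `PubKeyPreflight` and its methods are hypothetical names, and the built-in sample lines are constructed with dummy key material.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;

/** Added example (hypothetical helper, not part of JSch). */
public class PubKeyPreflight {
    static final String CERT_SUFFIX = "-cert-v01@openssh.com";

    /** Returns the algorithm name stored inside the blob of "<type> <base64> [comment]". */
    static String blobAlgorithm(String pubKeyLine) {
        String[] parts = pubKeyLine.trim().split("\\s+", 3);
        if (parts.length < 2) throw new IllegalArgumentException("not an OpenSSH public key line");
        ByteBuffer blob = ByteBuffer.wrap(Base64.getDecoder().decode(parts[1]));
        if (blob.remaining() < 4) throw new IllegalArgumentException("blob too short");
        int len = blob.getInt(); // SSH "string": big-endian uint32 length, then that many bytes
        if (len <= 0 || len > blob.remaining()) throw new IllegalArgumentException("bad length " + len);
        byte[] name = new byte[len];
        blob.get(name);
        String inner = new String(name, StandardCharsets.US_ASCII);
        // The text prefix is only a label; the name inside the blob is what goes on the wire.
        if (!inner.equals(parts[0]))
            throw new IllegalArgumentException("header " + parts[0] + " != blob " + inner);
        return inner;
    }

    /** Says whether a client restricted to acceptedAlgs lists this key file's algorithm. */
    static String check(String pubKeyLine, List<String> acceptedAlgs) {
        String alg = blobAlgorithm(pubKeyLine);
        String kind = alg.endsWith(CERT_SUFFIX) ? "certificate" : "plain key";
        String verdict = acceptedAlgs.contains(alg) ? "in client algorithm list"
                                                    : "NOT in client algorithm list";
        return kind + " (" + alg + "): " + verdict;
    }

    /** Constructed sample line: correct framing, 32 zero bytes instead of key material. */
    static String sampleLine(String type) {
        byte[] name = type.getBytes(StandardCharsets.US_ASCII);
        ByteBuffer b = ByteBuffer.allocate(4 + name.length + 32);
        b.putInt(name.length).put(name).put(new byte[32]);
        return type + " " + Base64.getEncoder().encodeToString(b.array()) + " constructed-sample";
    }

    public static void main(String[] args) throws IOException {
        // PubkeyAcceptedAlgorithms exactly as printed in the JSch log above.
        List<String> jschAlgs = Arrays.asList("ssh-ed25519", "ecdsa-sha2-nistp256",
            "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "rsa-sha2-512", "rsa-sha2-256");
        if (args.length > 0) { // check a real file, e.g. id_rsa-cert.pub
            byte[] raw = Files.readAllBytes(Paths.get(args[0]));
            System.out.println(check(new String(raw, StandardCharsets.US_ASCII), jschAlgs));
            return;
        }
        System.out.println(check(sampleLine("ssh-ed25519-cert-v01@openssh.com"), jschAlgs));
        System.out.println(check(sampleLine("ssh-ed25519"), jschAlgs));
    }
}
```

Run with a path argument to check a real public-key file, or with no arguments to see the two constructed cases.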