For RSA keys all possible signature algorithms must be tried. Also refer to hierynomus/sshj#763.

Author: ylangisc

examples/pom.xml

@@ -5,7 +5,7 @@
 
   <groupId>com.jcraft</groupId>
   <artifactId>jsch.agentproxy.examples</artifactId>
-  <version>0.0.9</version>
+  <version>0.0.10-SNAPSHOT</version>
   <name>examples to demonstrate how to use jsch-agent-proxy</name>
 
   <dependencies>

jsch-agent-proxy-connector-factory/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.jcraft</groupId>
     <artifactId>jsch.agentproxy</artifactId>
-    <version>0.0.9</version>
+    <version>0.0.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>jsch.agentproxy.connector-factory</artifactId>

jsch-agent-proxy-core/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.jcraft</groupId>
     <artifactId>jsch.agentproxy</artifactId>
-    <version>0.0.9</version>
+    <version>0.0.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>jsch.agentproxy.core</artifactId>

jsch-agent-proxy-core/src/main/java/com/jcraft/jsch/agentproxy/AgentProxy.java

@@ -67,6 +67,8 @@ public class AgentProxy {
   private static final byte SSH_COM_AGENT2_FAILURE = 102;
 
   private static final byte SSH_AGENT_OLD_SIGNATURE = 0x01;
+  public static final byte SSH_AGENT_RSA_SHA2_256 = 0x02;
+  public static final byte SSH_AGENT_RSA_SHA2_512 = 0x04;
 
   private final byte[] buf = new byte[1024];
   private final Buffer buffer = new Buffer(buf);
@@ -116,6 +118,10 @@ public synchronized Identity[] getIdentities() {
   }
 
   public synchronized byte[] sign(byte[] blob, byte[] data) {
+    return this.sign(blob, data, 0);
+  }
+
+  public synchronized byte[] sign(byte[] blob, byte[] data, int flags) {
     byte[] result = null;
 
     byte code1 = SSH2_AGENTC_SIGN_REQUEST;
@@ -127,7 +133,7 @@ public synchronized byte[] sign(byte[] blob, byte[] data) {
     buffer.putByte(code1);
     buffer.putString(blob);
     buffer.putString(data);
-    buffer.putInt(0);   // SSH_AGENT_OLD_SIGNATURE
+    buffer.putInt(flags);
     buffer.insertLength();
 
     try {

jsch-agent-proxy-jsch/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.jcraft</groupId>
     <artifactId>jsch.agentproxy</artifactId>
-    <version>0.0.9</version>
+    <version>0.0.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>jsch.agentproxy.jsch</artifactId>

jsch-agent-proxy-pageant/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.jcraft</groupId>
     <artifactId>jsch.agentproxy</artifactId>
-    <version>0.0.9</version>
+    <version>0.0.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>jsch.agentproxy.pageant</artifactId>

jsch-agent-proxy-sshagent/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.jcraft</groupId>
     <artifactId>jsch.agentproxy</artifactId>
-    <version>0.0.9</version>
+    <version>0.0.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>jsch.agentproxy.sshagent</artifactId>

jsch-agent-proxy-sshj/pom.xml

@@ -6,23 +6,28 @@
   <parent>
     <groupId>com.jcraft</groupId>
     <artifactId>jsch.agentproxy</artifactId>
-    <version>0.0.9</version>
+    <version>0.0.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>jsch.agentproxy.sshj</artifactId>
   <name>a library to use jsch-agent-proxy with sshj</name>
 
   <dependencies>
     <dependency>
-      <groupId>net.schmizz</groupId>
+      <groupId>com.hierynomus</groupId>
       <artifactId>sshj</artifactId>
-      <version>[0.8.1,)</version>
+      <version>[0.33.0,)</version>
     </dependency>
     <dependency>
       <groupId>com.jcraft</groupId>
       <artifactId>jsch.agentproxy.core</artifactId>
       <version>${project.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+      <version>1.7.32</version>
+    </dependency>
   </dependencies>
 
   <build>
@@ -32,6 +37,14 @@
         <artifactId>maven-jar-plugin</artifactId>
         <version>2.3.2</version>
       </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>7</source>
+          <target>7</target>
+        </configuration>
+      </plugin>
     </plugins>
   </build>
 </project>

jsch-agent-proxy-sshj/src/main/java/com/jcraft/jsch/agentproxy/sshj/AuthAgent.java

@@ -28,87 +28,125 @@ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 */
 package com.jcraft.jsch.agentproxy.sshj;
 
+import com.hierynomus.sshj.key.KeyAlgorithm;
+import com.hierynomus.sshj.key.KeyAlgorithms;
 import com.jcraft.jsch.agentproxy.AgentProxy;
 import com.jcraft.jsch.agentproxy.Identity;
 import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.KeyType;
 import net.schmizz.sshj.common.Message;
 import net.schmizz.sshj.common.SSHPacket;
 import net.schmizz.sshj.transport.TransportException;
 import net.schmizz.sshj.userauth.UserAuthException;
 import net.schmizz.sshj.userauth.method.AbstractAuthMethod;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.LinkedList;
+import java.util.Queue;
 
 /**
  * An AuthMethod for sshj authentication with an agent.
  */
 public class AuthAgent extends AbstractAuthMethod {
-    protected final Logger log = LoggerFactory.getLogger(getClass());
 
-    /** The AgentProxy instance that is used for signing */
+    /**
+     * The AgentProxy instance that is used for signing
+     */
     private final AgentProxy agentProxy;
-    /** The identity from Agent */
+    /**
+     * The identity from Agent
+     */
     private final Identity identity;
-    /** The identity's key algorithm */
+    /**
+     * The identity's key algorithm
+     */
     private final String algorithm;
     private final String comment;
 
+    private Queue<KeyAlgorithm> available;
+
+    private final KeyType keyType;
+
     public AuthAgent(AgentProxy agentProxy, Identity identity) throws Buffer.BufferException {
         super("publickey");
         this.agentProxy = agentProxy;
         this.identity = identity;
         this.comment = new String(identity.getComment());
         this.algorithm = (new Buffer.PlainBuffer(identity.getBlob())).readString();
+        this.keyType = KeyType.fromString(algorithm);
+    }
+
+    private KeyAlgorithm getPublicKeyAlgorithm(KeyType keyType) throws TransportException {
+        if (available == null) {
+            available = new LinkedList<>(params.getTransport().getClientKeyAlgorithms(keyType));
+        }
+        return available.peek();
     }
 
-    /** Internal use. */
     @Override
-    public void handle(Message cmd, SSHPacket buf)
-            throws UserAuthException, TransportException {
-        if (cmd == Message.USERAUTH_60)
-            sendSignedReq();
-        else
-            super.handle(cmd, buf);
+    public boolean shouldRetry() {
+        if (available != null) {
+            available.poll();
+            return !available.isEmpty();
+        }
+        return false;
     }
 
     protected SSHPacket putPubKey(SSHPacket reqBuf)
             throws UserAuthException {
-        reqBuf
-            .putString(algorithm)
-            .putBytes(identity.getBlob()).getCompactData();
-        return reqBuf;
+        try {
+            KeyAlgorithm ka = getPublicKeyAlgorithm(keyType);
+            if (ka != null) {
+                reqBuf.putString(ka.getKeyAlgorithm()).putBytes(identity.getBlob()).getCompactData();
+                return reqBuf;
+            }
+        } catch (IOException ioe) {
+            throw new UserAuthException("No KeyAlgorithm configured for key " + keyType, ioe);
+        }
+        throw new UserAuthException("No KeyAlgorithm configured for key " + keyType);
     }
 
-    private SSHPacket putSig(SSHPacket reqBuf)
-            throws UserAuthException {
+    private int getSignFlags(KeyAlgorithm algorithm) {
+        if (keyType == KeyType.RSA) {
+            if (KeyAlgorithms.RSASHA256().getName().equals(algorithm.getKeyAlgorithm())) {
+                return AgentProxy.SSH_AGENT_RSA_SHA2_256;
+            }
+            if (KeyAlgorithms.RSASHA512().getName().equals(algorithm.getKeyAlgorithm())) {
+                return AgentProxy.SSH_AGENT_RSA_SHA2_512;
+            }
+        }
+        return 0;
+    }
+
+    protected SSHPacket putSig(SSHPacket reqBuf)
+            throws TransportException {
         final byte[] dataToSign = new Buffer.PlainBuffer()
                 .putString(params.getTransport().getSessionID())
                 .putBuffer(reqBuf) // & rest of the data for sig
                 .getCompactData();
 
-        reqBuf.putBytes(agentProxy.sign(identity.getBlob(), dataToSign));
+        reqBuf.putBytes(agentProxy.sign(identity.getBlob(), dataToSign, getSignFlags(getPublicKeyAlgorithm(keyType))));
 
         return reqBuf;
     }
 
     /**
-     * Send SSH_MSG_USERAUTH_REQUEST containing the signature.
-     *
-     * @throws UserAuthException
-     * @throws TransportException
+     * Internal use.
      */
-    private void sendSignedReq()
+    @Override
+    public void handle(Message cmd, SSHPacket buf)
             throws UserAuthException, TransportException {
-        params.getTransport().write(putSig(buildReq(true)));
+        if (cmd == Message.USERAUTH_60)
+            sendSignedReq();
+        else
+            super.handle(cmd, buf);
     }
 
     /**
      * Builds SSH_MSG_USERAUTH_REQUEST packet.
      *
      * @param signed whether the request packet will contain signature
-     *
      * @return the {@link SSHPacket} containing the request packet
-     *
      * @throws UserAuthException
      */
     private SSHPacket buildReq(boolean signed)
@@ -117,7 +155,21 @@ private SSHPacket buildReq(boolean signed)
         return putPubKey(super.buildReq().putBoolean(signed));
     }
 
-    /** Builds a feeler request (sans signature). */
+    /**
+     * Send SSH_MSG_USERAUTH_REQUEST containing the signature.
+     *
+     * @throws UserAuthException
+     * @throws TransportException
+     */
+    private void sendSignedReq()
+            throws UserAuthException, TransportException {
+        log.debug("Key acceptable, sending signed request");
+        params.getTransport().write(putSig(buildReq(true)));
+    }
+
+    /**
+     * Builds a feeler request (sans signature).
+     */
     @Override
     protected SSHPacket buildReq()
             throws UserAuthException {

jsch-agent-proxy-svnkit-trilead-ssh2/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.jcraft</groupId>
     <artifactId>jsch.agentproxy</artifactId>
-    <version>0.0.9</version>
+    <version>0.0.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>jsch.agentproxy.svnkit-trilead-ssh2</artifactId>

jsch-agent-proxy-usocket-jna/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.jcraft</groupId>
     <artifactId>jsch.agentproxy</artifactId>
-    <version>0.0.9</version>
+    <version>0.0.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>jsch.agentproxy.usocket-jna</artifactId>

jsch-agent-proxy-usocket-junixsocket/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.jcraft</groupId>
     <artifactId>jsch.agentproxy</artifactId>
-    <version>0.0.9</version>
+    <version>0.0.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>jsch.agentproxy.usocket-junixsocket</artifactId>

jsch-agent-proxy-usocket-nc/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.jcraft</groupId>
     <artifactId>jsch.agentproxy</artifactId>
-    <version>0.0.9</version>
+    <version>0.0.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>jsch.agentproxy.usocket-nc</artifactId>

pom.xml

@@ -9,7 +9,7 @@
 
   <groupId>com.jcraft</groupId>
   <artifactId>jsch.agentproxy</artifactId>
-  <version>0.0.9</version>
+  <version>0.0.10-SNAPSHOT</version>
   <packaging>pom</packaging>
   <name>jsch-agent-proxy: a parent of modules</name>
 
@@ -45,6 +45,8 @@
     <jsch.version>0.1.49</jsch.version>
     <jna.version>4.1.0</jna.version>
     <trilead.version>1.0.0-build217</trilead.version>
+    <maven.compile.source>1.8</maven.compile.source>
+    <maven.compile.target>1.8</maven.compile.target>
   </properties>
 
   <developers>
@@ -95,8 +97,8 @@
         <artifactId>maven-compiler-plugin</artifactId>
         <version>2.3.2</version>
         <configuration>
-          <source>1.5</source>
-          <target>1.5</target>
+          <source>${maven.compile.source}</source>
+          <target>${maven.compile.target}</target>
         </configuration>
       </plugin>
       <plugin>