ed25519 keys not working

[brianmhunt]

Not sure if this is an issue here or upstream, but I just wanted to give a heads up that ed25519 host keys do not appear to be supported.

When running e.g.

conn = new require('ssh2')()
conn.connect({
  host: 'host.local',
  port: "22",
  username: "bmh",
  agent: process.env['SSH_AUTH_SOCK'],
  debug: console.log})

The output includes:

DEBUG: (local) Host key formats: ssh-rsa,ssh-dss
DEBUG: (remote) Host key formats: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519

I doubt there's anything on my end (Mac OS X 10.11.1; node 5.0.0; fresh package install of [email protected]); it looks like the support is simply not yet in ssh2-streams. I can re-file a bug there, if that is preferable.

🍻

[brianmhunt]

Notable link on ed25519 support in Node: nodejs/node#2144

Two options:

• https://github.com/paixaop/node-sodium
• https://github.com/dazoe/ed25519

[mscdex]

Yes, this is a known issue. The problem though is that the pure js implementations for some of these algorithms that OpenSSL currently does not support are slow.

I think I would only want to start incorporating these pure js algorithm solutions once there is the ability to override the hard-coded list of algorithms, ciphers, etc. This way if someone doesn't want to use the pure js algorithms (for performance reasons), then they can (easily) opt out of that. However, I haven't had time to work on this.

[brianmhunt]

Thanks @mscdex

I appreciate the concerns over performance issue and opting-out.

As host key algorithm itself is only run once per connection, the performance of that particular implementation should not be a big concern. That said, I understand why you would want to make sure an opt-out scheme of some sort would be in place before going down this road.

Cheers.

[mscdex]

FWIW I've just landed ECDSA support in ssh2/ssh2-streams and it works, but will need to write tests for it yet.

I'm still not sure when/if OpenSSL will support ed25519 though. There is an ed25519 issue on OpenSSL's repo here FWIW. There is also another OpenSSL github issue for curve25519 here that is supposedly "in progress" and a related node issue here.

I should also note I would be open to the possibility of having an optionalDependency on a compiled addon that implemented ed* key support.

[stefreak]

openssl/openssl#309 says "x25519 is in [OpenSSL] 1.1"

Can this be implemented now? I would appreciate it enormously :)

[mscdex]

It won't be supported at least until OpenSSL 1.1.x is included in a version of node. See this PR for more information.

[karlhorky]

I suppose nodejs/node#18770 is the more updated issue now (OpenSSL 1.1.1).

[karlhorky]

Oh wait, reading a bit deeper, in that issue there is the line:

We currently have 1.1.0 support in Node

Looks like this is supported after all now:

Node.js 10: nodejs/node#16130 (comment)
Node.js 8 backport: nodejs/node#18622 (comment)

[Eugeny]

@mscdex could you please also consider adding an ed25519 PPK parser?

[officiallymarky]

Any update on this?
Would be awesome if you could provide support for ed25519

[mscdex]

Nothing has changed, node doesn't have OpenSSL 1.1.1 yet.

[officiallymarky]

Nothing has changed, node doesn't have OpenSSL 1.1.1 yet.

Looks like it's about to happen.
nodejs/node#25381

[mscdex]

Right, but it will still take time before it makes it into a release and then into the hands of end users :)

[silverwind]

Is this fixed by e40ca05?

[mscdex]

Kind of, but support in node only exists in node master currently.

[mscdex]

Full Ed25519 support now available in ssh2 v0.8.3 when used with node v12.0.0.

[AlexandrKravchuk]

Hello! I just was wondering if it's possible to use ed25519 based connection with the node version lower than 12?

[mscdex]

@AlexandrKravchuk Not without adding some sort of JavaScript-only ed25519 implementation, which I prefer not to do.

[Ayfri]

Any update ?

[mscdex]

Any update ?

On what? You need a version of node that supports ed25519, which equates to node v12.0.0 or newer.