[
https://issues.apache.org/jira/browse/SSHD-813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16429356#comment-16429356
]
Goldstein Lyor commented on SSHD-813:
-------------------------------------
It is not clear what your program is trying to do, so I am not sure what may be
wrong with either SSHD or your program especially what you mean by
{quote}
in our multithreaded testing
{quote}
However, a review of the code involved in the re-keying does seem to indicate a
possible race condition - though more research is required to figure out if
indeed it is a problem. That being said, I can suggest the following:
# Please provide some skeleton code of what you are doing - especially the
multithreading part
# {quote}
the value of the array 'i_s' in the class 'DHGServer' not up to date, which
results in inconsistent digital signature
{quote}
Seems like you tried to analyze the issue and reached some conclusions - it
would help if you could attach the results of your analysis
# Please use version 1.7 as it contains some improvements (admittedly not
related to this issue directly), but it would help if we referenced the same
code base
# Finally, as a workaround you can disable the re-keying mechanism as follows -
see {{AbstractSession#refreshConfiguration}} method: there are 3 _maxRekey_
values being configured - set them all to -1. Set also the value of
{{FactoryManager#REKEY_BLOCKS_LIMIT}} to -1. This will disable the mechanism
altogether:
{code:java}
SshServer server = ...;
PropertyResolverUtils.updateProperty(server, FactoryManager#REKEY_XXX, -1L);
PropertyResolverUtils.updateProperty(server, FactoryManager#REKEY_XXX, -1L);
PropertyResolverUtils.updateProperty(server, FactoryManager#REKEY_XXX, -1L);
...
and same for client
{code}
> mina sshd 1.6.0, using as ssh server, run for about an hour,found that ssh
> client throws KeyExchange signature verification failed.
> ------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SSHD-813
> URL: https://issues.apache.org/jira/browse/SSHD-813
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 1.6.0
> Environment: linux,jdk1.8
> Reporter: cheng
> Priority: Major
>
> When our application call method 'writePacket' to send this message to the
> client, found that ssh client throws KeyExchange signature verification
> failed.
> We found that calling method 'writePacket' will check if a re-keying is
> required and modify the reference of the array 'i_s' in the method
> 'setKexSeed',
> and our application may reveive the message 'SSH_MSG_KEXINIT'at the same
> time; when received the message 'SSH_MSG_KEXINIT', the class 'DHGServer' will
> be
> initialized using the array 'i_s'. But in our multithreaded testing, the
> value of the array 'i_s' in the class 'DHGServer' not up to date, which
> results in
> inconsistent digital signature between the client and the server, so ssh
> client throws KeyExchange signature verification failed.
> I am wondering is this a multithreaded problem that is ignored. Please help
> me, thank you.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
