[jira] [Reopened] (SSHD-852) Verification fails for hashed known host entry on non standard port generated by OpenSSH client

Fri, 19 Oct 2018 08:24:23 -0700 


     [ 
https://issues.apache.org/jira/browse/SSHD-852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Goldstein Lyor reopened SSHD-852:
---------------------------------

> Verification fails for hashed known host entry on non standard port generated 
> by OpenSSH client
> -----------------------------------------------------------------------------------------------
>
>                 Key: SSHD-852
>                 URL: https://issues.apache.org/jira/browse/SSHD-852
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.1.1
>         Environment: Linux Mint 19
>            Reporter: Stefan Verhoeven
>            Assignee: Goldstein Lyor
>            Priority: Minor
>             Fix For: 2.1.1
>
>         Attachments: ConnectToNonDefaultPortTest.java
>
>
> The Apache SshClient is unable to verify a known host entry that was made by 
> the OpenSSH client when the entry is on a port other than 22.
>  
> I get the following exception
> {code:java}
> org.apache.sshd.common.SshException: Server key did not validate
>  at 
> org.apache.sshd.client.session.AbstractClientSession.checkKeys(AbstractClientSession.java:440)
> ...{code}
>  
> The OpenSSH client will create a hash for `[host]:port` while Apache 
> SshClient will check hashed entries for `host` (see 
> https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130[).|https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130.]
>  This difference will cause the correct known host entry to be marked as not 
> a match which in turn causes the exception.
>  
> The error can be reproduced by setting up the a SSH server
> {code:java}
> rm ~/.ssh/known_hosts
> docker run -d -p 2222:22 nlesc/xenon-ssh 
> # Prime known hosts with hash entry, password=javagat
> ssh xenon@localhost -p 10022 hostname
> {code}
> and then running the attached test.
>  
> I created a fix and tests at 
> https://github.com/apache/mina-sshd/compare/master...NLeSC:hashed-known-host-port



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to