[
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943158#comment-16943158
]
Logan edited comment on SSHD-945 at 10/2/19 10:46 PM:
------------------------------------------------------
Few observations:
I am running on JDK 1.8.0_201 unlimited strength. Bbouncy castle was included
in the classpath. After removing bouncy castle I get a different error stack
trace but still fails.
{noformat}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed
(InvalidKeyException) to execute: The security strength of SHA-1 digest
algorithm is not sufficient for this key
sizeorg.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest
algorithm is not sufficient for this key size at
org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132)
at
org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187)
at
org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33)
at
org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44)
at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166)
at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194) at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498) at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at
org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at
org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at
org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at
org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at
org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at
org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)Caused
by: java.security.InvalidKeyException: The security strength of SHA-1 digest
algorithm is not sufficient for this key size at
sun.security.provider.DSA.checkKey(DSA.java:111) at
sun.security.provider.DSA.engineInitSign(DSA.java:143) at
java.security.Signature$Delegate.init(Signature.java:1155) at
java.security.Signature$Delegate.chooseProvider(Signature.java:1115) at
java.security.Signature$Delegate.engineInitSign(Signature.java:1179) at
java.security.Signature.initSign(Signature.java:530) at
org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91)
at
org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61)
at
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225)
at
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203)
at
org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73)
at
org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268)
at
org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
at
org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
at
org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
at
org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
at
org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
at
org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
at
org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
at java.security.AccessController.doPrivileged(Native Method) at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at
sun.nio.ch.Invoker$2.run(Invoker.java:218) at
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748){noformat}
was (Author: apachelogan):
Few observations:
I am running on JDK 1.8.0_201 limited strength. Bbouncy castle was included in
the classpath. After removing bouncy castle I get a different error stack trace
but still fails.
{noformat}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed
(InvalidKeyException) to execute: The security strength of SHA-1 digest
algorithm is not sufficient for this key
sizeorg.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest
algorithm is not sufficient for this key size at
org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132)
at
org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187)
at
org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33)
at
org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44)
at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166)
at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194) at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498) at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at
org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at
org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at
org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at
org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at
org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at
org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)Caused
by: java.security.InvalidKeyException: The security strength of SHA-1 digest
algorithm is not sufficient for this key size at
sun.security.provider.DSA.checkKey(DSA.java:111) at
sun.security.provider.DSA.engineInitSign(DSA.java:143) at
java.security.Signature$Delegate.init(Signature.java:1155) at
java.security.Signature$Delegate.chooseProvider(Signature.java:1115) at
java.security.Signature$Delegate.engineInitSign(Signature.java:1179) at
java.security.Signature.initSign(Signature.java:530) at
org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91)
at
org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61)
at
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225)
at
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203)
at
org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73)
at
org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268)
at
org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
at
org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
at
org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
at
org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
at
org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
at
org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
at
org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
at java.security.AccessController.doPrivileged(Native Method) at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at
sun.nio.ch.Invoker$2.run(Invoker.java:218) at
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748){noformat}
> DSA 2048 public key authentication fails
> ----------------------------------------
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.1.0
> Reporter: Logan
> Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error
> trace listed below. I am trying to figure out if the issue is related to DSA
> keys generated by JDK or apache SSHD. Attached is the test case.
>
> Tests with JSch API also fail with DSA 2048 keys.
>
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods
> availableorg.apache.sshd.common.SshException: No more authentication methods
> available at
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
> at
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
> at
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
> at
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
> at
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
> at java.security.AccessController.doPrivileged(Native Method) at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
