[ https://issues.apache.org/jira/browse/SSHD-958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16996829#comment-16996829 ]

Lyor Goldstein commented on SSHD-958:
-------------------------------------

Here is what I found with a quick _grep_:
{code:c|title=auth2-pubkey.c}
             if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
                    PRIVSEP(sshkey_verify(key, sig, slen,
                    sshbuf_ptr(b), sshbuf_len(b),
                    (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
                    ssh->compat, &sig_details)) == 0) {
                        authenticated = 1;
                }
{code}
i.e., {{sshkey_verify}} is invoked with a NULL algorithm if {{SSH_BUG_SIGTYPE}} 
is set (as seems to be the case for this issue). If we look at the code for 
{{sshkey_verify}}:
{code:c|title=sshkey.c,ssh-rsa.c}
        case KEY_RSA_CERT:
        case KEY_RSA:
                return ssh_rsa_verify(key, sig, siglen, data, dlen, alg);

        if ((hash_alg = rsa_hash_id_from_ident(sigtype)) == -1) {
                ret = SSH_ERR_KEY_TYPE_MISMATCH;
                goto out;
        }
        /*
         * Allow ssh-rsa-cert-v01 certs to generate SHA2 signatures for
         * legacy reasons, but otherwise the signature type should match.
         */
        if (alg != NULL && strcmp(alg, "ssh-rsa-cert-...@openssh.com") != 0) {
                if ((want_alg = rsa_hash_id_from_keyname(alg)) == -1) {
                        ret = SSH_ERR_INVALID_ARGUMENT;
                        goto out;
                }
                if (hash_alg != want_alg) {
                        ret = SSH_ERR_SIGNATURE_INVALID;
                        goto out;
                }
        }
{code}

> sshd (openssh5) closes connection on mina ssh client after pkt 50, but not ssh
> ------------------------------------------------------------------------------
>
>                 Key: SSHD-958
>                 URL: https://issues.apache.org/jira/browse/SSHD-958
>             Project: MINA SSHD
>          Issue Type: Improvement
>            Reporter: Yuefeng
>            Assignee: Lyor Goldstein
>            Priority: Minor
>
> Using mina ssh library to connect to a system, but the system always closes 
> connection at the following stage:
> {code:java}
> 2019-12-09 21:03:08 Z [pool-123195-thread-1] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService: 
> auth(ClientSessionImpl[XXXXXXXX])[ssh-connection] send 
> SSH_MSG_USERAUTH_REQUEST for 'none'
> 2019-12-09 21:03:08 Z [pool-123195-thread-1] DEBUG 
> org.apache.sshd.client.session.ClientSessionImpl: 
> writePacket(ClientSessionImpl[XXXXXXXXX])[SSH_MSG_USERAUTH_REQUEST] Start 
> flagging packets as pending until key exchange is done
> 2019-12-09 21:03:09 Z [pool-123195-thread-1] DEBUG 
> org.apache.sshd.client.session.ClientSessionImpl: 
> close(ClientSessionImpl[XXXXXXXXXX]) Closing immediately
> 2019-12-09 21:03:09 Z [pool-123195-thread-1] DEBUG 
> org.apache.sshd.client.session.ClientSessionImpl: 
> signalAuthFailure(ClientSessionImpl[XXXXXX]) type=SshException, 
> signalled=false: Session is being closed
> {code}
> When I tried the ssh client from the same computer to the same destination, it 
> works.  "-vvv" shows that the destination system is 
> {code:java}
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 
> debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
> {code}
> openssh lib shows the compat flag
> {code:java}
> { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT| SSH_BUG_SIGTYPE},
> {code}
>  
> While "SSH_NEW_OPENSSH" and "SSH_BUG_SIGTYPE" are common, flag 
> SSH_BUG_DYNAMIC_RPORT is specific to OpenSSH_5, and not set anywhere else.  
> Does mina ssh handle OpenSSH_5?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
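The two excerpts in the comment above, reduced to a self-contained C model of the algorithm check (an added example, not OpenSSH or MINA SSHD code). The flag value, the return codes, the single `rsa_hash_id` lookup and the `pubkey_alg_check` wrapper are constructed for this model; the certificate exception and the cryptographic verification itself are left out.

```c
#include <stdio.h>
#include <string.h>

/* Names follow the excerpts; every numeric value here is constructed for this model. */
#define SSH_BUG_SIGTYPE 0x1u
enum { SIG_OK = 0, ERR_KEY_TYPE_MISMATCH = -1, ERR_INVALID_ARGUMENT = -2,
       ERR_SIGNATURE_INVALID = -3 };
enum { HASH_SHA1 = 1, HASH_SHA256, HASH_SHA512 };

/* Hash implied by an RSA signature type or key algorithm name, -1 if unknown.
 * Stands in for both rsa_hash_id_from_ident() and rsa_hash_id_from_keyname(). */
static int rsa_hash_id(const char *name)
{
    if (strcmp(name, "ssh-rsa") == 0) return HASH_SHA1;
    if (strcmp(name, "rsa-sha2-256") == 0) return HASH_SHA256;
    if (strcmp(name, "rsa-sha2-512") == 0) return HASH_SHA512;
    return -1;
}

/* Algorithm-matching step of the ssh-rsa.c excerpt: the comparison between the
 * signature's own type and the expected algorithm only runs when alg != NULL. */
static int check_sigtype(const char *sigtype, const char *alg)
{
    int hash_alg, want_alg;

    if ((hash_alg = rsa_hash_id(sigtype)) == -1)
        return ERR_KEY_TYPE_MISMATCH;
    if (alg != NULL) {
        if ((want_alg = rsa_hash_id(alg)) == -1)
            return ERR_INVALID_ARGUMENT;
        if (hash_alg != want_alg)
            return ERR_SIGNATURE_INVALID;
    }
    return SIG_OK;
}

/* Caller-side choice from the auth2-pubkey.c excerpt: with SSH_BUG_SIGTYPE set
 * for the peer, NULL is passed instead of the algorithm named in the request. */
int pubkey_alg_check(unsigned int compat, const char *pkalg, const char *sigtype)
{
    const char *alg = (compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL;
    return check_sigtype(sigtype, alg);
}

int main(void)
{
    const char *pkalg = "rsa-sha2-256", *sigs[] = { "rsa-sha2-256", "ssh-rsa" };
    for (int i = 0; i < 2; i++)
        printf("sig=%-12s  strict=%d  SSH_BUG_SIGTYPE=%d\n", sigs[i],
               pubkey_alg_check(0, pkalg, sigs[i]),
               pubkey_alg_check(SSH_BUG_SIGTYPE, pkalg, sigs[i]));
    return 0;
}
```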