[ 
https://issues.apache.org/jira/browse/SSHD-1063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17183348#comment-17183348
 ] 

Lyor Goldstein commented on SSHD-1063:
--------------------------------------

{quote}
My intuition tells me that the solution (or maybe workaround) could be this 
little change:
{quote}
That would make +every+ port non-default - which is not what is expected. 



> KnownHostsServerKeyVerifier fail with alternative ports (non 22/TCP)
> --------------------------------------------------------------------
>
>                 Key: SSHD-1063
>                 URL: https://issues.apache.org/jira/browse/SSHD-1063
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.5.1
>            Reporter: Guillermo Grandes
>            Assignee: Lyor Goldstein
>            Priority: Minor
>
> First connection, to port 22, create entry in known_hosts (this is OK).
> {code:none}
> 2020-08-21 18:09:56.249 [connection:host-1-p22-1] [INFO] SSHClient - 
> Connecting to: test-sshd@192.168.7.5:22
> 2020-08-21 18:09:56.489 [connection:host-1-p22-1] [INFO] SSHClient - Session 
> established: test-sshd@192.168.7.5:22
> {code}
> After disconnect, a second connection, but to port 2020, same IP but another 
> port (responded by another ssh-service), connection fails (detect changed 
> key, this is bad).
> {code:none}
> 2020-08-21 18:10:02.174 [connection:host-1-p2020-1] [INFO] SSHClient - 
> Connecting to: test-sshd@192.168.7.5:2020
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] 
> ClientSessionImpl - 
> exceptionCaught(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020])[state=Opened]
>  SshException: Server key did not validate
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [INFO] 
> ClientSessionImpl - 
> Disconnecting(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]): 
> SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE - Server key did not validate
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] 
> ClientSessionImpl - 
> disconnect(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]) operation 
> failed (ClosedChannelException) for 
> reason=SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE [Server key did not validate]: 
> null
> 2020-08-21 18:10:02.529 [connection:host-1-p2020-1] [ERROR] SSHClient - 
> IOException: org.apache.sshd.common.SshException: Server key did not validate
> {code}
> If the first connection is to port 2020, and second is to port 22, two 
> entries are created in known_hosts and all works fine.
> To reproduce, with this snippet of code:
> {code:java}
> final File knownHost = new File("/tmp/known_hosts");
> knownHost.delete();
> knownHost.createNewFile();
> KnownHostsServerKeyVerifier hostVerifier = new 
> KnownHostsServerKeyVerifier(((sshClientSession, remoteAddress, serverKey) -> 
> true), knownHost.toPath()); // Accept unknown
> hostVerifier.setModifiedServerKeyAcceptor((clientSession, remoteAddress, 
> entry, expected, actual) -> false); // Reject modified
> SshClient client = SshClient.setUpDefaultClient();
> client.setServerKeyVerifier(hostVerifier);
> client.start();
> // ...etc...
> {code}
> * Connect to server A, port 22.
> * Connect to server A, port 2020 (for test, I'm using rinetd redirecting 2020 
> in server A to server B in port 22).
> My intuition tells me that the solution (or maybe workaround) could be this 
> little change:
> {code:java}
> // class: org.apache.sshd.client.config.hosts.KnownHostHashValue
>     public static <A extends Appendable> A appendHostPattern(A sb, String 
> host, int port) throws IOException {
> -        boolean nonDefaultPort = (port > 0) && (port != 
> SshConstants.DEFAULT_PORT);
> +        boolean nonDefaultPort = true;
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to