[ https://issues.apache.org/jira/browse/SSHD-1063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17183348#comment-17183348 ]
Lyor Goldstein commented on SSHD-1063:
--------------------------------------

{quote}
My intuition tells me that the solution (or maybe workaround) could be this little change:
{quote}

That would make +every+ port non-default - which is not what is expected.

> KnownHostsServerKeyVerifier fail with alternative ports (non 22/TCP)
> --------------------------------------------------------------------
>
> Key: SSHD-1063
> URL: https://issues.apache.org/jira/browse/SSHD-1063
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.5.1
> Reporter: Guillermo Grandes
> Assignee: Lyor Goldstein
> Priority: Minor
>
> First connection, to port 22, create entry in known_hosts (this is OK).
> {code:none}
> 2020-08-21 18:09:56.249 [connection:host-1-p22-1] [INFO] SSHClient - Connecting to: test-sshd@192.168.7.5:22
> 2020-08-21 18:09:56.489 [connection:host-1-p22-1] [INFO] SSHClient - Session established: test-sshd@192.168.7.5:22
> {code}
> After disconnect, a second connection, but to port 2020, same IP but another port (responded by another ssh-service), connection fails (detect changed key, this is bad).
> {code:none}
> 2020-08-21 18:10:02.174 [connection:host-1-p2020-1] [INFO] SSHClient - Connecting to: test-sshd@192.168.7.5:2020
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] ClientSessionImpl - exceptionCaught(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020])[state=Opened] SshException: Server key did not validate
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [INFO] ClientSessionImpl - Disconnecting(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]): SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE - Server key did not validate
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] ClientSessionImpl - disconnect(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]) operation failed (ClosedChannelException) for reason=SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE [Server key did not validate]: null
> 2020-08-21 18:10:02.529 [connection:host-1-p2020-1] [ERROR] SSHClient - IOException: org.apache.sshd.common.SshException: Server key did not validate
> {code}
> If the first connection is to port 2020, and second is to port 22, two entries are created in known_hosts and all works fine.
> To reproduce, with this snippet of code:
> {code:java}
> final File knownHost = new File("/tmp/known_hosts");
> knownHost.delete();
> knownHost.createNewFile();
> KnownHostsServerKeyVerifier hostVerifier = new KnownHostsServerKeyVerifier(((sshClientSession, remoteAddress, serverKey) -> true), knownHost.toPath()); // Accept unknown
> hostVerifier.setModifiedServerKeyAcceptor((clientSession, remoteAddress, entry, expected, actual) -> false); // Reject modified
> SshClient client = SshClient.setUpDefaultClient();
> client.setServerKeyVerifier(hostVerifier);
> client.start();
> // ...etc...
> {code}
> * Connect to server A, port 22.
> * Connect to server A, port 2020 (for test, I'm using rinetd redirecting 2020 in server A to server B in port 22).
> My intuition tells me that the solution (or maybe workaround) could be this little change:
> {code:java} > // class: org.apache.sshd.client.config.hosts.KnownHostHashValue > public static <A extends Appendable> A appendHostPattern(A sb, String > host, int port) throws IOException { > - boolean nonDefaultPort = (port > 0) && (port != > SshConstants.DEFAULT_PORT); > + boolean nonDefaultPort = true; > {code}
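
Review bot: the `+ boolean nonDefaultPort = true;` line drops both conditions of the original expression, `port > 0` and `port != SshConstants.DEFAULT_PORT`, so `appendHostPattern` would treat port 22 and non-positive port values as non-default as well, which is the objection raised in the comment at the top of this message. Keep the original expression here and investigate the lookup side instead: the report shows the failure only when the port-22 entry already exists before the connection to port 2020, which suggests an existing entry is being matched without regard to the port.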
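
The known_hosts port convention this report turns on, as an added example that is not part of the original message and is not MINA SSHD code: a bare host names port 22, `[host]:port` names any other port, and a hashed field is an HMAC-SHA1 over that same pattern string. The class and method names are hypothetical, the salt is constructed, and only a single-host field (plain or hashed) is handled.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added illustration: class and method names are hypothetical, not MINA SSHD API.
public class KnownHostsPortDemo {
    static final int DEFAULT_PORT = 22;
    // OpenSSH convention: bare host for port 22, "[host]:port" for any other port.
    static String hostPattern(String host, int port) {
        boolean nonDefaultPort = (port > 0) && (port != DEFAULT_PORT);
        return nonDefaultPort ? "[" + host + "]:" + port : host;
    }

    static byte[] hmacSha1(byte[] salt, String pattern) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(salt, "HmacSHA1"));
        return mac.doFinal(pattern.getBytes(StandardCharsets.UTF_8));
    }

    // Hashed host field: "|1|" + base64(salt) + "|" + base64(HMAC-SHA1(salt, pattern)).
    static String hashedField(byte[] salt, String pattern) throws Exception {
        Base64.Encoder b64 = Base64.getEncoder();
        return "|1|" + b64.encodeToString(salt) + "|" + b64.encodeToString(hmacSha1(salt, pattern));
    }

    // True only when the entry's host field names exactly this host and this port.
    static boolean matches(String hostField, String host, int port) throws Exception {
        String pattern = hostPattern(host, port);
        if (!hostField.startsWith("|1|")) {
            return hostField.equals(pattern);          // plain, single-host field
        }
        String[] parts = hostField.split("\\|");       // "", "1", salt, hash
        if (parts.length != 4) return false;           // malformed hashed field
        byte[] salt = Base64.getDecoder().decode(parts[2]);
        byte[] stored = Base64.getDecoder().decode(parts[3]);
        return MessageDigest.isEqual(stored, hmacSha1(salt, pattern));
    }

    public static void main(String[] args) throws Exception {
        String host = "192.168.7.5";                   // address from the report
        byte[] salt = "constructed-salt-001".getBytes(StandardCharsets.UTF_8); // constructed
        String plain22 = hostPattern(host, 22);        // bare-host form used for port 22
        String hashed2020 = hashedField(salt, hostPattern(host, 2020));
        for (int port : new int[] {22, 2020}) {
            System.out.println(":" + port + " plain-22 entry -> " + matches(plain22, host, port)
                    + ", hashed-2020 entry -> " + matches(hashed2020, host, port));
        }
    }
}
```

A lookup that compares on this full pattern never lets the port-22 entry answer for port 2020, so the second connection in the report would be treated as an unknown host rather than a modified key.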