[ https://issues.apache.org/jira/browse/SSHD-1063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185607#comment-17185607 ]

Lyor Goldstein commented on SSHD-1063:
--------------------------------------

After reviewing the logs I am confused about the behavior you describe - the 
only failure to validate was in [^debug-2020.log]:
{quote}
2020-08-26 22:11:03.588 [sshd-SshClient[67ce2014]-nio2-thread-9] [INFO] 
ClientSessionImpl - 
Disconnecting(ClientSessionImpl[test-s...@maktub.techno.es/192.168.7.5:2020]): 
SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE - Server key did not validate
{quote}

However you claim that the order in which you try to connect does not matter - 
whereas it seems it does - the others succeed or you are not running the same 
code. It seems to me (from your own logs) that the problem occurs only when 
connecting 1st to 22 and then to 2020.

Please try the code in the branch I provided in this issue and see if it fixes 
the issue.

> KnownHostsServerKeyVerifier fail with alternative ports (non 22/TCP)
> --------------------------------------------------------------------
>
>                 Key: SSHD-1063
>                 URL: https://issues.apache.org/jira/browse/SSHD-1063
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.5.1
>            Reporter: Guillermo Grandes
>            Assignee: Lyor Goldstein
>            Priority: Minor
>         Attachments: debug-2020.log, debug-22.log, known-2020, known-22, 
> test2-debug-2020.log, test2-debug-22.log, test2-known-2020, test2-known-22
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The first connection, to port 22, creates an entry in known_hosts (this is OK).
> {code:none}
> 2020-08-21 18:09:56.249 [connection:host-1-p22-1] [INFO] SSHClient - 
> Connecting to: test-sshd@192.168.7.5:22
> 2020-08-21 18:09:56.489 [connection:host-1-p22-1] [INFO] SSHClient - Session 
> established: test-sshd@192.168.7.5:22
> {code}
> After disconnecting, a second connection to the same IP but another port, 
> 2020 (answered by another ssh-service), fails (it detects a changed key, 
> this is bad).
> {code:none}
> 2020-08-21 18:10:02.174 [connection:host-1-p2020-1] [INFO] SSHClient - 
> Connecting to: test-sshd@192.168.7.5:2020
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] 
> ClientSessionImpl - 
> exceptionCaught(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020])[state=Opened]
>  SshException: Server key did not validate
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [INFO] 
> ClientSessionImpl - 
> Disconnecting(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]): 
> SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE - Server key did not validate
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] 
> ClientSessionImpl - 
> disconnect(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]) operation 
> failed (ClosedChannelException) for 
> reason=SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE [Server key did not validate]: 
> null
> 2020-08-21 18:10:02.529 [connection:host-1-p2020-1] [ERROR] SSHClient - 
> IOException: org.apache.sshd.common.SshException: Server key did not validate
> {code}
> If the first connection is to port 2020, and the second is to port 22, two 
> entries are created in known_hosts and all works fine.
> To reproduce, use this snippet of code:
> {code:java}
> final File knownHost = new File("/tmp/known_hosts");
> knownHost.delete();
> knownHost.createNewFile();
> KnownHostsServerKeyVerifier hostVerifier = new KnownHostsServerKeyVerifier(
>         ((sshClientSession, remoteAddress, serverKey) -> true), // Accept unknown
>         knownHost.toPath());
> hostVerifier.setModifiedServerKeyAcceptor(
>         (clientSession, remoteAddress, entry, expected, actual) -> false); // Reject modified
> SshClient client = SshClient.setUpDefaultClient();
> client.setServerKeyVerifier(hostVerifier);
> client.start();
> // ...etc...
> {code}
> * Connect to server A, port 22.
> * Connect to server A, port 2020 (for test, I'm using rinetd redirecting 2020 
> in server A to server B in port 22).
> My intuition tells me that the solution (or maybe workaround) could be this 
> little change:
> {code:java}
> // class: org.apache.sshd.client.config.hosts.KnownHostHashValue
>     public static <A extends Appendable> A appendHostPattern(A sb, String 
> host, int port) throws IOException {
> -        boolean nonDefaultPort = (port > 0) && (port != 
> SshConstants.DEFAULT_PORT);
> +        boolean nonDefaultPort = true;
> {code}
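
Review bot: hard-coding `boolean nonDefaultPort = true;` in `appendHostPattern` also removes the `(port > 0)` guard, so a call with port 0 or a negative port would now be treated as carrying an explicit port. It also makes the flag independent of `SshConstants.DEFAULT_PORT`, so port 22 loses its special case, which would presumably change how default-port entries are written compared with known_hosts files that already exist. If the intent is only to stop special-casing 22, keep the guard, e.g. `boolean nonDefaultPort = (port > 0);`, and add a comment saying why. The hunk shows only the writing side of the pattern, so it is worth confirming that entries produced this way are still matched when the file is read back.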


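The symptom in the report can be modelled with a small stand-alone Java program (an added example, not MINA SSHD code and not a diagnosis of its implementation): a store that looks entries up by host alone flags the second service as a modified key, while one that uses the OpenSSH known_hosts convention of `[host]:port` for non-default ports keeps the two services apart. The class `PortAwareKnownHosts`, its methods and the fingerprints are hypothetical; the accept-unknown / reject-modified policy follows the reproducer above.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; not MINA SSHD code. All names here are hypothetical.
public class PortAwareKnownHosts {
    static final int DEFAULT_PORT = 22;

    enum Result { ADDED, MATCH, MODIFIED }

    // OpenSSH known_hosts convention: plain host for port 22, "[host]:port" otherwise.
    static String hostPattern(String host, int port) {
        boolean nonDefaultPort = (port > 0) && (port != DEFAULT_PORT);
        return nonDefaultPort ? "[" + host + "]:" + port : host;
    }

    private final Map<String, String> entries = new HashMap<>(); // pattern -> key fingerprint
    private final boolean portAware;

    PortAwareKnownHosts(boolean portAware) {
        this.portAware = portAware;
    }

    // Policy from the reproducer: accept unknown hosts, reject modified keys.
    Result verify(String host, int port, String fingerprint) {
        String pattern = portAware ? hostPattern(host, port) : host;
        String known = entries.putIfAbsent(pattern, fingerprint);
        if (known == null) {
            return Result.ADDED; // first sight of this pattern: entry recorded
        }
        return known.equals(fingerprint) ? Result.MATCH : Result.MODIFIED;
    }

    public static void main(String[] args) {
        // Constructed fingerprints standing in for two different sshd host keys.
        String keyA = "SHA256:constructed-key-A";
        String keyB = "SHA256:constructed-key-B";
        for (boolean aware : new boolean[] {false, true}) {
            PortAwareKnownHosts kh = new PortAwareKnownHosts(aware);
            System.out.println("portAware=" + aware
                    + " 22->" + kh.verify("192.168.7.5", 22, keyA)
                    + " 2020->" + kh.verify("192.168.7.5", 2020, keyB)
                    + " 22 again->" + kh.verify("192.168.7.5", 22, keyA));
        }
    }
}
```
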
