[jira] [Created] (SSHD-947) Use separate configuration to control sending client session identity and KEX-INIT
Lyor Goldstein created SSHD-947: --- Summary: Use separate configuration to control sending client session identity and KEX-INIT Key: SSHD-947 URL: https://issues.apache.org/jira/browse/SSHD-947 Project: MINA SSHD Issue Type: Improvement Affects Versions: 2.3.0 Reporter: Lyor Goldstein Assignee: Lyor Goldstein The current code uses a single configuration flag to control both. We should use separate flags in order to allow usage of port multiplexers such as [sslh|http://www.rutschle.net/tech/sslh/README.html] where we need the client to send its identification string (thus triggering the correct multiplexing), but we might want to wait with the KEX-INIT until receiving the server's identification - e.g., for special customization of the KEX phase based on the server. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails
[
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943158#comment-16943158
]
Logan edited comment on SSHD-945 at 10/2/19 10:54 PM:
--
Few observations:
I am running on JDK 1.8.0_201 unlimited strength. Bbouncy castle was included
in the classpath. After removing bouncy castle I get a different error stack
trace but still fails.
{code:java}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed
(InvalidKeyException) to execute: The security strength of SHA-1 digest
algorithm is not sufficient for this key
sizeorg.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest
algorithm is not sufficient for this key size at
org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132)
at
org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187)
at
org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33)
at
org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44)
at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166)
at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194) at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498) at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at
org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at
org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at
org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at
org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at
org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at
org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)Caused
by: java.security.InvalidKeyException: The security strength of SHA-1 digest
algorithm is not sufficient for this key size at
sun.security.provider.DSA.checkKey(DSA.java:111) at
sun.security.provider.DSA.engineInitSign(DSA.java:143) at
java.security.Signature$Delegate.init(Signature.java:1155) at
java.security.Signature$Delegate.chooseProvider(Signature.java:1115) at
java.security.Signature$Delegate.engineInitSign(Signature.java:1179) at
java.security.Signature.initSign(Signature.java:530) at
org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91)
at
org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61)
at
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225)
at
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203)
at
org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73)
at
org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268)
at
org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
at
org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
at
org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
at
[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943158#comment-16943158 ] Logan edited comment on SSHD-945 at 10/2/19 10:53 PM: -- Few observations: I am running on JDK 1.8.0_201 unlimited strength. Bbouncy castle was included in the classpath. After removing bouncy castle I get a different error stack trace but still fails. org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key sizeorg.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132) at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187) at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33) at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44) at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166) at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27) at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size at sun.security.provider.DSA.checkKey(DSA.java:111) at sun.security.provider.DSA.engineInitSign(DSA.java:143) at java.security.Signature$Delegate.init(Signature.java:1155) at java.security.Signature$Delegate.chooseProvider(Signature.java:1115) at java.security.Signature$Delegate.engineInitSign(Signature.java:1179) at java.security.Signature.initSign(Signature.java:530) at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91) at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203) at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73) at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268) at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201) at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626) at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559) at
[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails
[
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943160#comment-16943160
]
Logan edited comment on SSHD-945 at 10/2/19 10:53 PM:
--
I changed the host key provider from
{code:java}
sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider());{code}
to below
{code:java}
SimpleGeneratorHostKeyProvider keyProvider = new
SimpleGeneratorHostKeyProvider();SimpleGeneratorHostKeyProvider keyProvider =
new SimpleGeneratorHostKeyProvider(); keyProvider.setAlgorithm("DSA");
keyProvider.setKeySize(2048); sshd.setKeyPairProvider(keyProvider);{code}
and I see different stack trace:
{code:java}
org.apache.sshd.common.SshException: Session is being
closedorg.apache.sshd.common.SshException: Session is being closed at
org.apache.sshd.client.session.ClientSessionImpl.preClose(ClientSessionImpl.java:126)
at
org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:82)
at
org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.sessionClosed(AbstractSessionIoHandler.java:46)
at
org.apache.sshd.common.io.nio2.Nio2Session.doCloseImmediately(Nio2Session.java:266)
at
org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:83)
at
org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:353)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
at java.security.AccessController.doPrivileged(Native Method) at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at
sun.nio.ch.Invoker$2.run(Invoker.java:218) at
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748){code}
was (Author: apachelogan):
I changed the host key provider from
{code:java}
sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider());{code}
to below
{code:java}
SimpleGeneratorHostKeyProvider keyProvider = new
SimpleGeneratorHostKeyProvider();SimpleGeneratorHostKeyProvider keyProvider =
new SimpleGeneratorHostKeyProvider(); keyProvider.setAlgorithm("DSA");
keyProvider.setKeySize(2048); sshd.setKeyPairProvider(keyProvider);{code}
and I see different stack trace:
{noformat}
org.apache.sshd.common.SshException: Session is being
closedorg.apache.sshd.common.SshException: Session is being closed at
org.apache.sshd.client.session.ClientSessionImpl.preClose(ClientSessionImpl.java:126)
at
org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:82)
at
org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.sessionClosed(AbstractSessionIoHandler.java:46)
at
org.apache.sshd.common.io.nio2.Nio2Session.doCloseImmediately(Nio2Session.java:266)
at
org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:83)
at
org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:353)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
at java.security.AccessController.doPrivileged(Native Method) at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at
sun.nio.ch.Invoker$2.run(Invoker.java:218) at
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748){noformat}
> DSA 2048 public key authentication fails
>
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error
> trace listed below. I am trying to figure out if the issue is related to DSA
> keys generated by JDK or apache SSHD. Attached is the test case.
>
> Tests with JSch API also fail with DSA 2048 keys.
>
> Error
[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails
[
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943158#comment-16943158
]
Logan edited comment on SSHD-945 at 10/2/19 10:46 PM:
--
Few observations:
I am running on JDK 1.8.0_201 unlimited strength. Bbouncy castle was included
in the classpath. After removing bouncy castle I get a different error stack
trace but still fails.
{noformat}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed
(InvalidKeyException) to execute: The security strength of SHA-1 digest
algorithm is not sufficient for this key
sizeorg.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest
algorithm is not sufficient for this key size at
org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132)
at
org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187)
at
org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33)
at
org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44)
at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166)
at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194) at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498) at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at
org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at
org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at
org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at
org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at
org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at
org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)Caused
by: java.security.InvalidKeyException: The security strength of SHA-1 digest
algorithm is not sufficient for this key size at
sun.security.provider.DSA.checkKey(DSA.java:111) at
sun.security.provider.DSA.engineInitSign(DSA.java:143) at
java.security.Signature$Delegate.init(Signature.java:1155) at
java.security.Signature$Delegate.chooseProvider(Signature.java:1115) at
java.security.Signature$Delegate.engineInitSign(Signature.java:1179) at
java.security.Signature.initSign(Signature.java:530) at
org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91)
at
org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61)
at
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225)
at
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203)
at
org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73)
at
org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268)
at
org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
at
org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
at
org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
at
[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943164#comment-16943164
]
Logan commented on SSHD-945:
I am ran the same tests on JDK 1.8.0_201 unlimited strength on RHEL 6 and it
still fails. I will try to get the stack trace soon. But you see it fails in
DSA signing. I do not known how DSA signing works in SSHD client.
> DSA 2048 public key authentication fails
>
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error
> trace listed below. I am trying to figure out if the issue is related to DSA
> keys generated by JDK or apache SSHD. Attached is the test case.
>
> Tests with JSch API also fail with DSA 2048 keys.
>
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods
> availableorg.apache.sshd.common.SshException: No more authentication methods
> available at
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
> at
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
> at
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
> at
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
> at
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
> at java.security.AccessController.doPrivileged(Native Method) at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943160#comment-16943160
]
Logan commented on SSHD-945:
I changed the host key provider from
{code:java}
sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider());{code}
to below
{code:java}
SimpleGeneratorHostKeyProvider keyProvider = new
SimpleGeneratorHostKeyProvider();SimpleGeneratorHostKeyProvider keyProvider =
new SimpleGeneratorHostKeyProvider(); keyProvider.setAlgorithm("DSA");
keyProvider.setKeySize(2048); sshd.setKeyPairProvider(keyProvider);{code}
and I see different stack trace:
{noformat}
org.apache.sshd.common.SshException: Session is being
closedorg.apache.sshd.common.SshException: Session is being closed at
org.apache.sshd.client.session.ClientSessionImpl.preClose(ClientSessionImpl.java:126)
at
org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:82)
at
org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.sessionClosed(AbstractSessionIoHandler.java:46)
at
org.apache.sshd.common.io.nio2.Nio2Session.doCloseImmediately(Nio2Session.java:266)
at
org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:83)
at
org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:353)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
at java.security.AccessController.doPrivileged(Native Method) at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at
sun.nio.ch.Invoker$2.run(Invoker.java:218) at
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748){noformat}
> DSA 2048 public key authentication fails
>
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error
> trace listed below. I am trying to figure out if the issue is related to DSA
> keys generated by JDK or apache SSHD. Attached is the test case.
>
> Tests with JSch API also fail with DSA 2048 keys.
>
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods
> availableorg.apache.sshd.common.SshException: No more authentication methods
> available at
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
> at
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
> at
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
> at
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
> at
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
> at java.security.AccessController.doPrivileged(Native Method) at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]
--
This message was sent by Atlassian Jira
[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943158#comment-16943158
]
Logan commented on SSHD-945:
Few observations:
I am running on JDK 1.8.0_201 limited strength. Bbouncy castle was included in
the classpath. After removing bouncy castle I get a different error stack trace
but still fails.
{noformat}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed
(InvalidKeyException) to execute: The security strength of SHA-1 digest
algorithm is not sufficient for this key
sizeorg.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest
algorithm is not sufficient for this key size at
org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132)
at
org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187)
at
org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33)
at
org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44)
at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166)
at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194) at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498) at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at
org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at
org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at
org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at
org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at
org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at
org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)Caused
by: java.security.InvalidKeyException: The security strength of SHA-1 digest
algorithm is not sufficient for this key size at
sun.security.provider.DSA.checkKey(DSA.java:111) at
sun.security.provider.DSA.engineInitSign(DSA.java:143) at
java.security.Signature$Delegate.init(Signature.java:1155) at
java.security.Signature$Delegate.chooseProvider(Signature.java:1115) at
java.security.Signature$Delegate.engineInitSign(Signature.java:1179) at
java.security.Signature.initSign(Signature.java:530) at
org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91)
at
org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61)
at
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225)
at
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203)
at
org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73)
at
org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268)
at
org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
at
org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
at
org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
at
[jira] [Resolved] (SSHD-919) sshd suport ssh v1 or not
[ https://issues.apache.org/jira/browse/SSHD-919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lyor Goldstein resolved SSHD-919. - Resolution: Won't Fix > sshd suport ssh v1 or not > - > > Key: SSHD-919 > URL: https://issues.apache.org/jira/browse/SSHD-919 > Project: MINA SSHD > Issue Type: Question >Reporter: tk0214 >Priority: Minor > Labels: features > > from the code, we find the sshd sopport SSH-1.99, but failed to to ssh v1 > server in testw > the ssh server used sshd, the protocol set 1 > i want to know sshd-2.0.0 version support SSH v1 or not. > thanks. > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Resolved] (SSHD-945) DSA 2048 public key authentication fails
[
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lyor Goldstein resolved SSHD-945.
-
Resolution: Not A Problem
> DSA 2048 public key authentication fails
>
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error
> trace listed below. I am trying to figure out if the issue is related to DSA
> keys generated by JDK or apache SSHD. Attached is the test case.
>
> Tests with JSch API also fail with DSA 2048 keys.
>
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods
> availableorg.apache.sshd.common.SshException: No more authentication methods
> available at
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
> at
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
> at
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
> at
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
> at
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
> at
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
> at java.security.AccessController.doPrivileged(Native Method) at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Resolved] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[
https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lyor Goldstein resolved SSHD-941.
-
Resolution: Workaround
> mina ssh client times out connecting with IOS 15.2
> --
>
> Key: SSHD-941
> URL: https://issues.apache.org/jira/browse/SSHD-941
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.0.0
>Reporter: Yuefeng
>Assignee: Lyor Goldstein
>Priority: Major
>
> Other device is Cisco IOS 15.2 -
> IOS-15#show version
> Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version
> 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD,
> synced to V152_6_0_81_E
>
> apache.sshd always times out connecting to this device -
>
> {code:java}
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:68 - Client session created:
> Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.s.ClientUserAuthService:101 -
> ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client
> methods: [publickey, keyboard-interactive, password]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1569 -
> sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]):
> SSH-2.0-SSHD-CORE-2.0.0
> 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1716 -
> sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT
> 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG
> o.a.s.c.s.ClientUserAuthService:150 -
> auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send
> SSH_MSG_USERAUTH_REQUEST for 'none'
> 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG
> o.a.s.c.session.ClientSessionImpl:1110 -
> writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST]
> Start flagging packets as pending until key exchange is done
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:1653 -
> doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22])
> line='SSH-2.0-Cisco-1.25'
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:375 -
> readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version
> string: SSH-2.0-Cisco-1.25
> 2019-09-12 20:42:50.565Z [collector-55326-2] WARN
> c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed:
> DefaultAuthFuture[ssh-connection]: Failed to get operation result within
> specified timeout: 2
> org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
> Failed to get operation result within specified timeout: 2
> {code}
>
> ssh on linux has no problem connecting -
> {code:java}
> root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25
> OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug2: resolving "10.10.20.25" port 22
> debug2: ssh_connect_direct: needpriv 0
> debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
> debug1: Remote protocol version 2.0, remote software version Cisco-1.25
> debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x6000
> debug2: fd 3 setting O_NONBLOCK
> debug1: Authenticating to 10.10.20.25:22 as 'admin'
> debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
> debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:9
> debug3: load_hostkeys: loaded 1 keys from 10.10.20.25
> debug3: order_hostkeyalgs:
[jira] [Comment Edited] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[
https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16940246#comment-16940246
]
Lyor Goldstein edited comment on SSHD-941 at 10/2/19 12:42 PM:
---
{code:java}
mina ssh needs to receive "server version string: ..." before sending
SSH_MSG_USERAUTH_REQUEST in order to connect with Cisco device
{code}
Indeed, and for this there is a +special setting+ that needs to be activated in
the _main_ code (see SSHD-930):
{code:java}
SshClient client = ...setup client...
PropertyResolverUtils.updateProperty(client,
ClientFactoryManager.SEND_IMMEDIATE_IDENTIFICATION, false);
client.start();
{code}
This will delay the client's KEX-INIT until the server's identification is
received (and reported) - thus enabling the code to prepare the session
correctly. This also explains why
{quote}connection with IOS only has 50/50 chance of succeeding.
{quote}
it depends on whether the server's identification has been received or not
before the KEX setting has been changed.
*Note:* the delay feature is not yet part of the released version
was (Author: lgoldstein):
{code}
mina ssh needs to receive "server version string: ..." before sending
SSH_MSG_USERAUTH_REQUEST in order to connect with Cisco device
{code}
Indeed, and for this there is a +special setting+ that needs to be activated in
the _main_ code (see SSHD-930):
{code:java}
SshClient client = ...setup client...
PropertyResolverUtils.updateProperty(client,
ClientFactoryManager.SEND_IMMEDIATE_IDENTIFICATION, false);
client.start();
{code}
This will delay the client's KEX-INIT until the server's identification is
received (and reported) - thus enabling the code to prepare the session
correctly. This also explains why {quote}onnection with IOS only has 50/50
chance of succeeding.{quote} it depends on whether the server's identification
has been received or not before the KEX setting has been changed.
*Note:* the delay feature is not yet part of the released version
> mina ssh client times out connecting with IOS 15.2
> --
>
> Key: SSHD-941
> URL: https://issues.apache.org/jira/browse/SSHD-941
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.0.0
>Reporter: Yuefeng
>Assignee: Lyor Goldstein
>Priority: Major
>
> Other device is Cisco IOS 15.2 -
> IOS-15#show version
> Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version
> 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD,
> synced to V152_6_0_81_E
>
> apache.sshd always times out connecting to this device -
>
> {code:java}
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:68 - Client session created:
> Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.s.ClientUserAuthService:101 -
> ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client
> methods: [publickey, keyboard-interactive, password]
> 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1569 -
> sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]):
> SSH-2.0-SSHD-CORE-2.0.0
> 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG
> o.a.s.c.session.ClientSessionImpl:1716 -
> sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT
> 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG
> o.a.s.c.s.ClientUserAuthService:150 -
> auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send
> SSH_MSG_USERAUTH_REQUEST for 'none'
> 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG
> o.a.s.c.session.ClientSessionImpl:1110 -
> writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST]
> Start flagging packets as pending until key exchange is done
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:1653 -
> doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22])
> line='SSH-2.0-Cisco-1.25'
> 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG
> o.a.s.c.session.ClientSessionImpl:375 -
> readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version
> string: SSH-2.0-Cisco-1.25
> 2019-09-12 20:42:50.565Z [collector-55326-2] WARN
> c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed:
> DefaultAuthFuture[ssh-connection]: Failed to get operation result within
> specified timeout: 2
> org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]:
> Failed to get operation result within specified timeout: 2
> {code}
>
> ssh on linux has no problem connecting -
> {code:java}
> root@eve-ng:/opt/fwd/logs#
