[jira] [Created] (SSHD-947) Use separate configuration to control sending client session identity and KEX-INIT
Lyor Goldstein created SSHD-947: --- Summary: Use separate configuration to control sending client session identity and KEX-INIT Key: SSHD-947 URL: https://issues.apache.org/jira/browse/SSHD-947 Project: MINA SSHD Issue Type: Improvement Affects Versions: 2.3.0 Reporter: Lyor Goldstein Assignee: Lyor Goldstein The current code uses a single configuration flag to control both. We should use separate flags in order to allow usage of port multiplexers such as [sslh|http://www.rutschle.net/tech/sslh/README.html] where we need the client to send its identification string (thus triggering the correct multiplexing), but we might want to wait with the KEX-INIT until receiving the server's identification - e.g., for special customization of the KEX phase based on the server. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943158#comment-16943158 ] Logan edited comment on SSHD-945 at 10/2/19 10:54 PM: -- Few observations: I am running on JDK 1.8.0_201 unlimited strength. Bbouncy castle was included in the classpath. After removing bouncy castle I get a different error stack trace but still fails. {code:java} org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key sizeorg.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132) at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187) at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33) at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44) at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166) at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27) at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size at sun.security.provider.DSA.checkKey(DSA.java:111) at sun.security.provider.DSA.engineInitSign(DSA.java:143) at java.security.Signature$Delegate.init(Signature.java:1155) at java.security.Signature$Delegate.chooseProvider(Signature.java:1115) at java.security.Signature$Delegate.engineInitSign(Signature.java:1179) at java.security.Signature.initSign(Signature.java:530) at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91) at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203) at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73) at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268) at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201) at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626) at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559) at
[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943158#comment-16943158 ] Logan edited comment on SSHD-945 at 10/2/19 10:53 PM: -- Few observations: I am running on JDK 1.8.0_201 unlimited strength. Bbouncy castle was included in the classpath. After removing bouncy castle I get a different error stack trace but still fails. org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key sizeorg.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132) at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187) at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33) at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44) at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166) at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27) at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size at sun.security.provider.DSA.checkKey(DSA.java:111) at sun.security.provider.DSA.engineInitSign(DSA.java:143) at java.security.Signature$Delegate.init(Signature.java:1155) at java.security.Signature$Delegate.chooseProvider(Signature.java:1115) at java.security.Signature$Delegate.engineInitSign(Signature.java:1179) at java.security.Signature.initSign(Signature.java:530) at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91) at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203) at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73) at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268) at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201) at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626) at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559) at
[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943160#comment-16943160 ] Logan edited comment on SSHD-945 at 10/2/19 10:53 PM: -- I changed the host key provider from {code:java} sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider());{code} to below {code:java} SimpleGeneratorHostKeyProvider keyProvider = new SimpleGeneratorHostKeyProvider();SimpleGeneratorHostKeyProvider keyProvider = new SimpleGeneratorHostKeyProvider(); keyProvider.setAlgorithm("DSA"); keyProvider.setKeySize(2048); sshd.setKeyPairProvider(keyProvider);{code} and I see different stack trace: {code:java} org.apache.sshd.common.SshException: Session is being closedorg.apache.sshd.common.SshException: Session is being closed at org.apache.sshd.client.session.ClientSessionImpl.preClose(ClientSessionImpl.java:126) at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:82) at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.sessionClosed(AbstractSessionIoHandler.java:46) at org.apache.sshd.common.io.nio2.Nio2Session.doCloseImmediately(Nio2Session.java:266) at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:83) at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:353) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38) at java.security.AccessController.doPrivileged(Native Method) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37) at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at sun.nio.ch.Invoker$2.run(Invoker.java:218) at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748){code} was (Author: apachelogan): I changed the host key provider from {code:java} sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider());{code} to below {code:java} SimpleGeneratorHostKeyProvider keyProvider = new SimpleGeneratorHostKeyProvider();SimpleGeneratorHostKeyProvider keyProvider = new SimpleGeneratorHostKeyProvider(); keyProvider.setAlgorithm("DSA"); keyProvider.setKeySize(2048); sshd.setKeyPairProvider(keyProvider);{code} and I see different stack trace: {noformat} org.apache.sshd.common.SshException: Session is being closedorg.apache.sshd.common.SshException: Session is being closed at org.apache.sshd.client.session.ClientSessionImpl.preClose(ClientSessionImpl.java:126) at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:82) at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.sessionClosed(AbstractSessionIoHandler.java:46) at org.apache.sshd.common.io.nio2.Nio2Session.doCloseImmediately(Nio2Session.java:266) at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:83) at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:353) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38) at java.security.AccessController.doPrivileged(Native Method) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37) at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at sun.nio.ch.Invoker$2.run(Invoker.java:218) at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748){noformat} > DSA 2048 public key authentication fails > > > Key: SSHD-945 > URL: https://issues.apache.org/jira/browse/SSHD-945 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.1.0 >Reporter: Logan >Priority: Major > Attachments: DSAKeyTests.java > > > While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error > trace listed below. I am trying to figure out if the issue is related to DSA > keys generated by JDK or apache SSHD. Attached is the test case. > > Tests with JSch API also fail with DSA 2048 keys. > > Error
[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943158#comment-16943158 ] Logan edited comment on SSHD-945 at 10/2/19 10:46 PM: -- Few observations: I am running on JDK 1.8.0_201 unlimited strength. Bbouncy castle was included in the classpath. After removing bouncy castle I get a different error stack trace but still fails. {noformat} org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key sizeorg.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132) at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187) at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33) at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44) at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166) at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27) at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size at sun.security.provider.DSA.checkKey(DSA.java:111) at sun.security.provider.DSA.engineInitSign(DSA.java:143) at java.security.Signature$Delegate.init(Signature.java:1155) at java.security.Signature$Delegate.chooseProvider(Signature.java:1115) at java.security.Signature$Delegate.engineInitSign(Signature.java:1179) at java.security.Signature.initSign(Signature.java:530) at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91) at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203) at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73) at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268) at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201) at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626) at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559) at
[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943164#comment-16943164 ] Logan commented on SSHD-945: I am ran the same tests on JDK 1.8.0_201 unlimited strength on RHEL 6 and it still fails. I will try to get the stack trace soon. But you see it fails in DSA signing. I do not known how DSA signing works in SSHD client. > DSA 2048 public key authentication fails > > > Key: SSHD-945 > URL: https://issues.apache.org/jira/browse/SSHD-945 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.1.0 >Reporter: Logan >Priority: Major > Attachments: DSAKeyTests.java > > > While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error > trace listed below. I am trying to figure out if the issue is related to DSA > keys generated by JDK or apache SSHD. Attached is the test case. > > Tests with JSch API also fail with DSA 2048 keys. > > Error trace: > {code:java} > org.apache.sshd.common.SshException: No more authentication methods > availableorg.apache.sshd.common.SshException: No more authentication methods > available at > org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318) > at > org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254) > at > org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201) > at > org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626) > at > org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559) > at > org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542) > at > org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520) > at > org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63) > at > org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339) > at > org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318) > at > org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315) > at > org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38) > at java.security.AccessController.doPrivileged(Native Method) at > org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37) > at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at > sun.nio.ch.Invoker$2.run(Invoker.java:218) at > sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748){code} > [^DSAKeyTests.java] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943160#comment-16943160 ] Logan commented on SSHD-945: I changed the host key provider from {code:java} sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider());{code} to below {code:java} SimpleGeneratorHostKeyProvider keyProvider = new SimpleGeneratorHostKeyProvider();SimpleGeneratorHostKeyProvider keyProvider = new SimpleGeneratorHostKeyProvider(); keyProvider.setAlgorithm("DSA"); keyProvider.setKeySize(2048); sshd.setKeyPairProvider(keyProvider);{code} and I see different stack trace: {noformat} org.apache.sshd.common.SshException: Session is being closedorg.apache.sshd.common.SshException: Session is being closed at org.apache.sshd.client.session.ClientSessionImpl.preClose(ClientSessionImpl.java:126) at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:82) at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.sessionClosed(AbstractSessionIoHandler.java:46) at org.apache.sshd.common.io.nio2.Nio2Session.doCloseImmediately(Nio2Session.java:266) at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:83) at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:353) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38) at java.security.AccessController.doPrivileged(Native Method) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37) at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at sun.nio.ch.Invoker$2.run(Invoker.java:218) at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748){noformat} > DSA 2048 public key authentication fails > > > Key: SSHD-945 > URL: https://issues.apache.org/jira/browse/SSHD-945 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.1.0 >Reporter: Logan >Priority: Major > Attachments: DSAKeyTests.java > > > While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error > trace listed below. I am trying to figure out if the issue is related to DSA > keys generated by JDK or apache SSHD. Attached is the test case. > > Tests with JSch API also fail with DSA 2048 keys. > > Error trace: > {code:java} > org.apache.sshd.common.SshException: No more authentication methods > availableorg.apache.sshd.common.SshException: No more authentication methods > available at > org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318) > at > org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254) > at > org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201) > at > org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626) > at > org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559) > at > org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542) > at > org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520) > at > org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63) > at > org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339) > at > org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318) > at > org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315) > at > org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38) > at java.security.AccessController.doPrivileged(Native Method) at > org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37) > at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at > sun.nio.ch.Invoker$2.run(Invoker.java:218) at > sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748){code} > [^DSAKeyTests.java] -- This message was sent by Atlassian Jira
[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943158#comment-16943158 ] Logan commented on SSHD-945: Few observations: I am running on JDK 1.8.0_201 limited strength. Bbouncy castle was included in the classpath. After removing bouncy castle I get a different error stack trace but still fails. {noformat} org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key sizeorg.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132) at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187) at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33) at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44) at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166) at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27) at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size at sun.security.provider.DSA.checkKey(DSA.java:111) at sun.security.provider.DSA.engineInitSign(DSA.java:143) at java.security.Signature$Delegate.init(Signature.java:1155) at java.security.Signature$Delegate.chooseProvider(Signature.java:1115) at java.security.Signature$Delegate.engineInitSign(Signature.java:1179) at java.security.Signature.initSign(Signature.java:530) at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91) at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203) at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73) at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268) at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201) at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626) at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559) at
[jira] [Resolved] (SSHD-919) sshd suport ssh v1 or not
[ https://issues.apache.org/jira/browse/SSHD-919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lyor Goldstein resolved SSHD-919. - Resolution: Won't Fix > sshd suport ssh v1 or not > - > > Key: SSHD-919 > URL: https://issues.apache.org/jira/browse/SSHD-919 > Project: MINA SSHD > Issue Type: Question >Reporter: tk0214 >Priority: Minor > Labels: features > > from the code, we find the sshd sopport SSH-1.99, but failed to to ssh v1 > server in testw > the ssh server used sshd, the protocol set 1 > i want to know sshd-2.0.0 version support SSH v1 or not. > thanks. > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Resolved] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lyor Goldstein resolved SSHD-945. - Resolution: Not A Problem > DSA 2048 public key authentication fails > > > Key: SSHD-945 > URL: https://issues.apache.org/jira/browse/SSHD-945 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.1.0 >Reporter: Logan >Priority: Major > Attachments: DSAKeyTests.java > > > While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error > trace listed below. I am trying to figure out if the issue is related to DSA > keys generated by JDK or apache SSHD. Attached is the test case. > > Tests with JSch API also fail with DSA 2048 keys. > > Error trace: > {code:java} > org.apache.sshd.common.SshException: No more authentication methods > availableorg.apache.sshd.common.SshException: No more authentication methods > available at > org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318) > at > org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254) > at > org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201) > at > org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626) > at > org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559) > at > org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542) > at > org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520) > at > org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63) > at > org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339) > at > org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318) > at > org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315) > at > org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38) > at java.security.AccessController.doPrivileged(Native Method) at > org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37) > at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at > sun.nio.ch.Invoker$2.run(Invoker.java:218) at > sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748){code} > [^DSAKeyTests.java] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Resolved] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[ https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lyor Goldstein resolved SSHD-941. - Resolution: Workaround > mina ssh client times out connecting with IOS 15.2 > -- > > Key: SSHD-941 > URL: https://issues.apache.org/jira/browse/SSHD-941 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.0.0 >Reporter: Yuefeng >Assignee: Lyor Goldstein >Priority: Major > > Other device is Cisco IOS 15.2 - > IOS-15#show version > Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version > 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, > synced to V152_6_0_81_E > > apache.sshd always times out connecting to this device - > > {code:java} > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:68 - Client session created: > Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.s.ClientUserAuthService:101 - > ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client > methods: [publickey, keyboard-interactive, password] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1569 - > sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]): > SSH-2.0-SSHD-CORE-2.0.0 > 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1716 - > sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT > 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG > o.a.s.c.s.ClientUserAuthService:150 - > auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send > SSH_MSG_USERAUTH_REQUEST for 'none' > 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG > o.a.s.c.session.ClientSessionImpl:1110 - > writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST] > Start flagging packets as pending until key exchange is done > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:1653 - > doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) > line='SSH-2.0-Cisco-1.25' > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:375 - > readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version > string: SSH-2.0-Cisco-1.25 > 2019-09-12 20:42:50.565Z [collector-55326-2] WARN > c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed: > DefaultAuthFuture[ssh-connection]: Failed to get operation result within > specified timeout: 2 > org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: > Failed to get operation result within specified timeout: 2 > {code} > > ssh on linux has no problem connecting - > {code:java} > root@eve-ng:/opt/fwd/logs# ssh - admin@10.10.20.25 > OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 19: Applying options for * > debug2: resolving "10.10.20.25" port 22 > debug2: ssh_connect_direct: needpriv 0 > debug1: Connecting to 10.10.20.25 [10.10.20.25] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 > debug1: Remote protocol version 2.0, remote software version Cisco-1.25 > debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x6000 > debug2: fd 3 setting O_NONBLOCK > debug1: Authenticating to 10.10.20.25:22 as 'admin' > debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" > debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:9 > debug3: load_hostkeys: loaded 1 keys from 10.10.20.25 > debug3: order_hostkeyalgs:
[jira] [Comment Edited] (SSHD-941) mina ssh client times out connecting with IOS 15.2
[ https://issues.apache.org/jira/browse/SSHD-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16940246#comment-16940246 ] Lyor Goldstein edited comment on SSHD-941 at 10/2/19 12:42 PM: --- {code:java} mina ssh needs to receive "server version string: ..." before sending SSH_MSG_USERAUTH_REQUEST in order to connect with Cisco device {code} Indeed, and for this there is a +special setting+ that needs to be activated in the _main_ code (see SSHD-930): {code:java} SshClient client = ...setup client... PropertyResolverUtils.updateProperty(client, ClientFactoryManager.SEND_IMMEDIATE_IDENTIFICATION, false); client.start(); {code} This will delay the client's KEX-INIT until the server's identification is received (and reported) - thus enabling the code to prepare the session correctly. This also explains why {quote}connection with IOS only has 50/50 chance of succeeding. {quote} it depends on whether the server's identification has been received or not before the KEX setting has been changed. *Note:* the delay feature is not yet part of the released version was (Author: lgoldstein): {code} mina ssh needs to receive "server version string: ..." before sending SSH_MSG_USERAUTH_REQUEST in order to connect with Cisco device {code} Indeed, and for this there is a +special setting+ that needs to be activated in the _main_ code (see SSHD-930): {code:java} SshClient client = ...setup client... PropertyResolverUtils.updateProperty(client, ClientFactoryManager.SEND_IMMEDIATE_IDENTIFICATION, false); client.start(); {code} This will delay the client's KEX-INIT until the server's identification is received (and reported) - thus enabling the code to prepare the session correctly. This also explains why {quote}onnection with IOS only has 50/50 chance of succeeding.{quote} it depends on whether the server's identification has been received or not before the KEX setting has been changed. *Note:* the delay feature is not yet part of the released version > mina ssh client times out connecting with IOS 15.2 > -- > > Key: SSHD-941 > URL: https://issues.apache.org/jira/browse/SSHD-941 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.0.0 >Reporter: Yuefeng >Assignee: Lyor Goldstein >Priority: Major > > Other device is Cisco IOS 15.2 - > IOS-15#show version > Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version > 15.2(CML_NIGHTLY_20180510)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, > synced to V152_6_0_81_E > > apache.sshd always times out connecting to this device - > > {code:java} > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:68 - Client session created: > Nio2Session[local=/10.10.20.1:41950, remote=/10.10.20.25:22] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.s.ClientUserAuthService:101 - > ClientUserAuthService(ClientSessionImpl[null@/10.10.20.25:22]) client > methods: [publickey, keyboard-interactive, password] > 2019-09-12 20:42:30.559Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1569 - > sendIdentification(ClientSessionImpl[null@/10.10.20.25:22]): > SSH-2.0-SSHD-CORE-2.0.0 > 2019-09-12 20:42:30.560Z [sshd-SshClient[4ae0d26a]-nio2-thread-15] DEBUG > o.a.s.c.session.ClientSessionImpl:1716 - > sendKexInit(ClientSessionImpl[null@/10.10.20.25:22]) Send SSH_MSG_KEXINIT > 2019-09-12 20:42:30.560Z [collector-55326-2] DEBUG > o.a.s.c.s.ClientUserAuthService:150 - > auth(ClientSessionImpl[admin@/10.10.20.25:22])[ssh-connection] send > SSH_MSG_USERAUTH_REQUEST for 'none' > 2019-09-12 20:42:30.564Z [collector-55326-2] DEBUG > o.a.s.c.session.ClientSessionImpl:1110 - > writePacket(ClientSessionImpl[admin@/10.10.20.25:22])[SSH_MSG_USERAUTH_REQUEST] > Start flagging packets as pending until key exchange is done > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:1653 - > doReadIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) > line='SSH-2.0-Cisco-1.25' > 2019-09-12 20:42:30.612Z [sshd-SshClient[4ae0d26a]-nio2-thread-9] DEBUG > o.a.s.c.session.ClientSessionImpl:375 - > readIdentification(ClientSessionImpl[admin@/10.10.20.25:22]) Server version > string: SSH-2.0-Cisco-1.25 > 2019-09-12 20:42:50.565Z [collector-55326-2] WARN > c.forwardnetworks.client.web.a.b.e:181 - SSH auth failed: > DefaultAuthFuture[ssh-connection]: Failed to get operation result within > specified timeout: 2 > org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: > Failed to get operation result within specified timeout: 2 > {code} > > ssh on linux has no problem connecting - > {code:java} > root@eve-ng:/opt/fwd/logs#