date:20191003

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943993#comment-16943993
 ] 

Logan edited comment on SSHD-945 at 10/3/19 8:43 PM:
-

Attached maverick key is readable by Jsch API version 0.1.55
{code:java}
@Test
 public void testExistingDsa() throws Exception {
 byte[] privateKeyBytes = 
org.apache.sshd.common.util.io.IoUtils.toByteArray(getClass().getResourceAsStream("/maverick_id_dsa"));
 java.util.Properties config = new java.util.Properties();
 config.put("StrictHostKeyChecking", "no");
 com.jcraft.jsch.JSch jsch = new com.jcraft.jsch.JSch();
 jsch.addIdentity("test", privateKeyBytes, null, null);
 com.jcraft.jsch.Session session = jsch.getSession("test", "localhost", PORT);
 session.setConfig(config);
 session.connect();
 session.getHostKey().getFingerPrint(jsch);
 }{code}


was (Author: apachelogan):
Attached maverick key is readable by Jsch API
{code:java}
@Test
 public void testExistingDsa() throws Exception {
 byte[] privateKeyBytes = 
org.apache.sshd.common.util.io.IoUtils.toByteArray(getClass().getResourceAsStream("/maverick_id_dsa"));
 java.util.Properties config = new java.util.Properties();
 config.put("StrictHostKeyChecking", "no");
 com.jcraft.jsch.JSch jsch = new com.jcraft.jsch.JSch();
 jsch.addIdentity("test", privateKeyBytes, null, null);
 com.jcraft.jsch.Session session = jsch.getSession("test", "localhost", PORT);
 session.setConfig(config);
 session.connect();
 session.getHostKey().getFingerPrint(jsch);
 }{code}

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java, maverick_id_dsa
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943993#comment-16943993
 ] 

Logan commented on SSHD-945:


Attached maverick key is readable by Jsch API

@Test
public void testExistingDsa() throws Exception {
byte[] privateKeyBytes = 
org.apache.sshd.common.util.io.IoUtils.toByteArray(getClass().getResourceAsStream("/maverick_id_dsa"));
java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "no");
com.jcraft.jsch.JSch jsch = new com.jcraft.jsch.JSch();
jsch.addIdentity("test", privateKeyBytes, null, null);
com.jcraft.jsch.Session session = jsch.getSession("test", "localhost", 
PORT);
session.setConfig(config);
session.connect();
session.getHostKey().getFingerPrint(jsch);
}

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java, maverick_id_dsa
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943993#comment-16943993
 ] 

Logan edited comment on SSHD-945 at 10/3/19 8:41 PM:
-

Attached maverick key is readable by Jsch API
{code:java}
@Test
 public void testExistingDsa() throws Exception {
 byte[] privateKeyBytes = 
org.apache.sshd.common.util.io.IoUtils.toByteArray(getClass().getResourceAsStream("/maverick_id_dsa"));
 java.util.Properties config = new java.util.Properties();
 config.put("StrictHostKeyChecking", "no");
 com.jcraft.jsch.JSch jsch = new com.jcraft.jsch.JSch();
 jsch.addIdentity("test", privateKeyBytes, null, null);
 com.jcraft.jsch.Session session = jsch.getSession("test", "localhost", PORT);
 session.setConfig(config);
 session.connect();
 session.getHostKey().getFingerPrint(jsch);
 }{code}


was (Author: apachelogan):
Attached maverick key is readable by Jsch API

@Test
public void testExistingDsa() throws Exception {
byte[] privateKeyBytes = 
org.apache.sshd.common.util.io.IoUtils.toByteArray(getClass().getResourceAsStream("/maverick_id_dsa"));
java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "no");
com.jcraft.jsch.JSch jsch = new com.jcraft.jsch.JSch();
jsch.addIdentity("test", privateKeyBytes, null, null);
com.jcraft.jsch.Session session = jsch.getSession("test", "localhost", 
PORT);
session.setConfig(config);
session.connect();
session.getHostKey().getFingerPrint(jsch);
}

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java, maverick_id_dsa
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Resolved] (SSHD-947) Use separate configuration to control sending client session identity and KEX-INIT

2019-10-03 Thread Lyor Goldstein (Jira)



 [ 
https://issues.apache.org/jira/browse/SSHD-947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lyor Goldstein resolved SSHD-947.
-
Fix Version/s: 2.3.1
   Resolution: Fixed

> Use separate configuration to control sending client session identity and 
> KEX-INIT
> --
>
> Key: SSHD-947
> URL: https://issues.apache.org/jira/browse/SSHD-947
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 2.3.0
>Reporter: Lyor Goldstein
>Assignee: Lyor Goldstein
>Priority: Major
> Fix For: 2.3.1
>
>
> The current code uses a single configuration flag to control both. We should 
> use separate flags in order to allow usage of port multiplexers such as 
> [sslh|http://www.rutschle.net/tech/sslh/README.html] where we need the client 
> to send its identification string (thus triggering the correct multiplexing), 
> but we might want to wait with the KEX-INIT until receiving the server's 
> identification - e.g., for special customization of the KEX phase based on 
> the server.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Lyor Goldstein (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943681#comment-16943681
 ] 

Lyor Goldstein commented on SSHD-945:
-

{quote}
Oddly I have some DSA 2048 keys (generated by old maverick code) that does not 
fail at all
{quote}
* Let's make sure the keys are 2048 bits
* Let's make sure that these keys can be used with the SSHD client

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java, maverick_id_dsa
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943615#comment-16943615
 ] 

Logan edited comment on SSHD-945 at 10/3/19 3:20 PM:
-

Oddly I have some DSA 2048 keys (generated by old maverick code) that does not 
fail at all. Wondering if this has something to do with the way key pair is 
generated?  Attached file named maverick_id_dsa


was (Author: apachelogan):
Oddly I have some DSA 2048 keys (generated by old maverick code) that does not 
fail at all. Wondering if this has something to do with the way key pair is 
generated?  Attached dsa 2048 private key (file named maverick_id_dsa) that 
works without issues

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java, maverick_id_dsa
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943615#comment-16943615
 ] 

Logan edited comment on SSHD-945 at 10/3/19 3:08 PM:
-

Oddly I have some DSA 2048 keys (generated by old maverick code) that does not 
fail at all. Wondering if this has something to do with the way key pair is 
generated?  Attached dsa 2048 private key (file named maverick_id_dsa) that 
works without issues


was (Author: apachelogan):
Oddly I have some DSA 2048 keys (generated by old maverick code) that does not 
fail at all. Wondering if this has something to do with the way key pair is 
generated?  Attached dsa 2048 private key that works.

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java, maverick_id_dsa
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943615#comment-16943615
 ] 

Logan edited comment on SSHD-945 at 10/3/19 3:07 PM:
-

Oddly I have some DSA 2048 keys (generated by old maverick code) that does not 
fail at all. Wondering if this has something to do with the way key pair is 
generated?  Attached dsa 2048 private key that works.


was (Author: apachelogan):
Oddly I have some DSA 2048 keys (generated by old maverick code) that does not 
fail at all. Wondering if this has something to do with the way key pair is 
generated?

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java, maverick_id_dsa
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943615#comment-16943615
 ] 

Logan commented on SSHD-945:


Oddly I have some DSA 2048 keys (generated by old maverick code) that does not 
fail at all. Wondering if this has something to do with the way key pair is 
generated?

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Lyor Goldstein (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943585#comment-16943585
 ] 

Lyor Goldstein edited comment on SSHD-945 at 10/3/19 1:16 PM:
--

By looking at the code, it would be possible to add a "hack" that either 
behaves like {{OpenSSH}} or automatically uses {{SHA256withDSA}} if it detects 
a key size greater that 1024. However, I am not sure this is correct.

I also found [this 
reference|https://github.com/google/wycheproof/blob/master/doc/dsa.md] about a 
patch to JDK8 , 9 that abolish the key length check.


was (Author: lgoldstein):
By looking at the code, it would be possible to add a "hack" that either 
behaves like {{OpenSSH}} or automatically uses {{SHA256withDSA}} if it detects 
a key size greater that 1024. However, I am not sure this is correct.

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Lyor Goldstein (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943585#comment-16943585
 ] 

Lyor Goldstein commented on SSHD-945:
-

By looking at the code, it would be possible to add a "hack" that either 
behaves like {{OpenSSH}} or automatically uses {{SHA256withDSA}} if it detects 
a key size greater that 1024. However, I am not sure this is correct.

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Lyor Goldstein (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943582#comment-16943582
 ] 

Lyor Goldstein commented on SSHD-945:
-

{quote}
Apache sshd is in fact correct to complain that "the security strength of SHA-1 
digest algorithm is not sufficient for this key".
{quote}
It is not _Apache_ SSHD that complains but rather the JCE that it is using. 
Note that _Apache_ SSHD relies on the underlying security provider to execute 
the signing.

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Thomas Wolf (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943402#comment-16943402
 ] 

Thomas Wolf edited comment on SSHD-945 at 10/3/19 9:45 AM:
---

{quote}org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: 
Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest 
algorithm is not sufficient for this key
{quote}
is exactly the problem pointed out in 
[https://bugzilla.mindrot.org/show_bug.cgi?id=1647:] SHA-1 is 160 bits and is 
mandated by RFC 4253, but for a DSA2048 key one would need a longer signature 
hash (224 or 256bits).

Interestingly enough, OpenSSH does work with such keys (if DSA is enabled at 
all in client and server), and uses SHA256 (client log; OS X, OpenSSH_7.4p1, 
LibreSSL 2.5.0):
{code:java}
...
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /Users/thomas/.ssh/id_dsa_2048
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-dss blen 818
debug2: input_userauth_pk_ok: fp 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: sign_and_send_pubkey: DSA 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
...
{code}
See [https://zonena.me/2014/02/using-2048-bit-dsa-keys-with-openssh/] for how 
to create a DSA 2048 bit key, and DSA must be enabled in both openSSH client 
and server ({{PubkeyAcceptedKeyTypes=+ssh-dss}} in the config files).


was (Author: wolft):
{quote}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed 
(InvalidKeyException) to execute: The security strength of SHA-1 digest 
algorithm is not sufficient for this key
{quote}

is exactly the problem pointed out in 
https://bugzilla.mindrot.org/show_bug.cgi?id=1647: SHA-1 is 160 bits and is 
mandated by RFC 4253, but for a DSA2048 key one would need a longer hash (224 
or 256bits).

Interestingly enough, OpenSSH does work with such keys (if DSA is enabled at 
all in client and server), and uses SHA256 (client log; OS X, OpenSSH_7.4p1, 
LibreSSL 2.5.0):
{code}
...
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /Users/thomas/.ssh/id_dsa_2048
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-dss blen 818
debug2: input_userauth_pk_ok: fp 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: sign_and_send_pubkey: DSA 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
...
{code}

See https://zonena.me/2014/02/using-2048-bit-dsa-keys-with-openssh/ for how to 
create a DSA 2048 bit key, and DSA must be enabled in both openSSH client and 
server ({{PubkeyAcceptedKeyTypes=+ssh-dss}} in the config files).

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Thomas Wolf (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943455#comment-16943455
 ] 

Thomas Wolf edited comment on SSHD-945 at 10/3/19 9:44 AM:
---

Sorry, I mis-interpreted that bit:
{quote}
{code:java}
debug2: input_userauth_pk_ok: fp 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: sign_and_send_pubkey: DSA 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
{code}
{quote}
This SHA256 is just the hash of the DSA key.

Running the test again with server-side logging and then looking at the code of 
OpenSSH, it looks as if OpenSSH actually uses the DSA 2048 key but with a 
160bit SHA1 signature hash. The server goes through
 * 
[userauth_pubkey|https://github.com/openssh/openssh-portable/blob/be02d7c/auth2-pubkey.c#L213]
 * 
[sshkey_verify|https://github.com/openssh/openssh-portable/blob/be02d7c/sshkey.c#L2662]
 * 
[ssh_dss_verify|https://github.com/openssh/openssh-portable/blob/be02d7c/ssh-dss.c#L120]
 where SHA1 and 160bits are hardcoded.

So it uses and accepts something it shouldn't use at all.

Apache sshd is in fact correct to complain that "the security strength of SHA-1 
digest algorithm is not sufficient for this key".


was (Author: wolft):
Sorry, I mis-interpreted that bit:
{quote}
{code:java}
debug2: input_userauth_pk_ok: fp 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: sign_and_send_pubkey: DSA 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
{code}
{quote}
This SHA256 is just the hash of the DSA key.

Running the test again with server-side logging and then looking at the code of 
OpenSSH, it looks as if OpenSSH actually uses the DSA 2048 key but with a 
160bit SHA1 signature hash. The server goes through
 * 
[userauth_pubkey|https://github.com/openssh/openssh-portable/blob/be02d7c/auth2-pubkey.c#L213]
 * 
[sshkey_verify|https://github.com/openssh/openssh-portable/blob/be02d7c/sshkey.c#L2662]
 * 
[ssh_dss_verify|https://github.com/openssh/openssh-portable/blob/be02d7c/ssh-dss.c#L120]
 where SHA1 and 160bits are hardcoded.

So it uses something it shouldn't use at all.

sshd is in fact correct to complain that "the security strength of SHA-1 digest 
algorithm is not sufficient for this key".

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){co

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Thomas Wolf (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943455#comment-16943455
 ] 

Thomas Wolf commented on SSHD-945:
--

Sorry, I mis-interpreted that bit:
{quote}
{code:java}
debug2: input_userauth_pk_ok: fp 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: sign_and_send_pubkey: DSA 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
{code}
{quote}
This SHA256 is just the hash of the DSA key.

Running the test again with server-side logging and then looking at the code of 
OpenSSH, it looks as if OpenSSH actually uses the DSA 2048 key but with a 
160bit SHA1 signature hash. The server goes through
 * 
[userauth_pubkey|https://github.com/openssh/openssh-portable/blob/be02d7c/auth2-pubkey.c#L213]
 * 
[sshkey_verify|https://github.com/openssh/openssh-portable/blob/be02d7c/sshkey.c#L2662]
 * 
[ssh_dss_verify|https://github.com/openssh/openssh-portable/blob/be02d7c/ssh-dss.c#L120]
 where SHA1 and 160bits are hardcoded.

So it uses something it shouldn't use at all.

sshd is in fact correct to complain that "the security strength of SHA-1 digest 
algorithm is not sufficient for this key".

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Work started] (SSHD-947) Use separate configuration to control sending client session identity and KEX-INIT

2019-10-03 Thread Lyor Goldstein (Jira)



 [ 
https://issues.apache.org/jira/browse/SSHD-947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Work on SSHD-947 started by Lyor Goldstein.
---
> Use separate configuration to control sending client session identity and 
> KEX-INIT
> --
>
> Key: SSHD-947
> URL: https://issues.apache.org/jira/browse/SSHD-947
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 2.3.0
>Reporter: Lyor Goldstein
>Assignee: Lyor Goldstein
>Priority: Major
>
> The current code uses a single configuration flag to control both. We should 
> use separate flags in order to allow usage of port multiplexers such as 
> [sslh|http://www.rutschle.net/tech/sslh/README.html] where we need the client 
> to send its identification string (thus triggering the correct multiplexing), 
> but we might want to wait with the KEX-INIT until receiving the server's 
> identification - e.g., for special customization of the KEX phase based on 
> the server.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Thomas Wolf (Jira)



[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943402#comment-16943402
 ] 

Thomas Wolf commented on SSHD-945:
--

{quote}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed 
(InvalidKeyException) to execute: The security strength of SHA-1 digest 
algorithm is not sufficient for this key
{quote}

is exactly the problem pointed out in 
https://bugzilla.mindrot.org/show_bug.cgi?id=1647: SHA-1 is 160 bits and is 
mandated by RFC 4253, but for a DSA2048 key one would need a longer hash (224 
or 256bits).

Interestingly enough, OpenSSH does work with such keys (if DSA is enabled at 
all in client and server), and uses SHA256 (client log; OS X, OpenSSH_7.4p1, 
LibreSSL 2.5.0):
{code}
...
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /Users/thomas/.ssh/id_dsa_2048
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-dss blen 818
debug2: input_userauth_pk_ok: fp 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: sign_and_send_pubkey: DSA 
SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
...
{code}

See https://zonena.me/2014/02/using-2048-bit-dsa-keys-with-openssh/ for how to 
create a DSA 2048 bit key, and DSA must be enabled in both openSSH client and 
server ({{PubkeyAcceptedKeyTypes=+ssh-dss}} in the config files).

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods 
> availableorg.apache.sshd.common.SshException: No more authentication methods 
> available at 
> org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at 
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at 
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method) at 
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at 
> sun.nio.ch.Invoker$2.run(Invoker.java:218) at 
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Resolved] (SSHD-947) Use separate configuration to control sending client session identity and KEX-INIT

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

[jira] [Work started] (SSHD-947) Use separate configuration to control sending client session identity and KEX-INIT

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails

17 matches

Site Navigation

Mail list logo

Footer information