[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-07 Thread Lyor Goldstein (Jira)


[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16945848#comment-16945848
 ] 

Lyor Goldstein edited comment on SSHD-945 at 10/7/19 12:44 PM:
---

Affected code:
{code:java|title=DSA.class}
protected void engineInitSign(PrivateKey privateKey)
   ...
    // check key size against hash output size for signing
    // skip this check for verification to minimize impact on existing apps
    if (md.getAlgorithm() != "NullDigest20") {
        checkKey(params, md.getDigestLength()*8, md.getAlgorithm());
    }
}

private static void checkKey(DSAParams params, int digestLen, String mdAlgo)
        throws InvalidKeyException {
    // FIPS186-3 states in sec4.2 that a hash function which provides
    // a lower security strength than the (L, N) pair ordinarily should
    // not be used.
    int valueN = params.getQ().bitLength();
    if (valueN > digestLen) {
        throw new InvalidKeyException("The security strength of " +
            mdAlgo + " digest algorithm is not sufficient for this key size");
    }
}

public RawDSA() throws NoSuchAlgorithmException {
    super(new NullDigest20());
}
{code}

{code:java|title=Signature.class}
static {
signatureInfo = new ConcurrentHashMap();
Boolean TRUE = Boolean.TRUE;
// pre-initialize with values for our SignatureSpi implementations
signatureInfo.put("sun.security.provider.DSA$RawDSA", TRUE);
signatureInfo.put("sun.security.provider.DSA$SHA1withDSA", TRUE);
signatureInfo.put("sun.security.rsa.RSASignature$MD2withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSASignature$MD5withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSASignature$SHA1withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSASignature$SHA256withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE);
signatureInfo.put("com.sun.net.ssl.internal.ssl.RSASignature", TRUE);
signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE);
}
{code}


was (Author: lgoldstein):
Affected code:
{code:java|title=DSA.class}
protected void engineInitSign(PrivateKey privateKey)
   ...
    // check key size against hash output size for signing
    // skip this check for verification to minimize impact on existing apps
    if (md.getAlgorithm() != "NullDigest20") {
        checkKey(params, md.getDigestLength()*8, md.getAlgorithm());
    }
}

private static void checkKey(DSAParams params, int digestLen, String mdAlgo)
        throws InvalidKeyException {
    // FIPS186-3 states in sec4.2 that a hash function which provides
    // a lower security strength than the (L, N) pair ordinarily should
    // not be used.
    int valueN = params.getQ().bitLength();
    if (valueN > digestLen) {
        throw new InvalidKeyException("The security strength of " +
            mdAlgo + " digest algorithm is not sufficient for this key size");
    }
}
{code}

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java, maverick_id_dsa
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods available
> org.apache.sshd.common.SshException: No more authentication methods available
>  at org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at 
> 
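
An added example (not code from the issue, MINA SSHD or the JDK): it generates DSA keys with the JDK and reports, for each one, how the comparison in the `checkKey()` excerpt above comes out and whether `Signature.initSign` accepts the key for SHA-1, SHA-256 and raw DSA. The class and method names are hypothetical, and the provider results assume the default JDK provider order with no Bouncy Castle on the classpath.

```java
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;

/** Added illustration; the class and method names are hypothetical. */
public class DsaDigestCheckDemo {

    /** Same comparison as the checkKey() excerpt: N (bit length of q) against the digest length in bits. */
    static boolean digestIsSufficient(DSAParams params, int digestBits) {
        return params.getQ().bitLength() <= digestBits;
    }

    /** Reports whether the installed provider lets this key initialise a signer for the algorithm. */
    static String tryInitSign(String algorithm, PrivateKey key) throws Exception {
        Signature signature = Signature.getInstance(algorithm);
        try {
            signature.initSign(key);
            return "initSign accepted";
        } catch (InvalidKeyException e) {
            return "initSign rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // SHA1withDSA is the digest the thread ties to ssh-dss (RFC 4253),
        // SHA256withDSA has a longer digest, and NONEwithDSA is the RawDSA
        // class whose NullDigest20 the excerpt exempts from the check.
        String[] algorithms = {"SHA1withDSA", "SHA256withDSA", "NONEwithDSA"};

        for (int keySize : new int[] {1024, 2048}) {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
            generator.initialize(keySize);
            KeyPair pair = generator.generateKeyPair();

            // L is the size of the prime p (the advertised "key size");
            // N is the size of the subgroup order q, which is what checkKey() reads.
            DSAParams params = ((DSAPrivateKey) pair.getPrivate()).getParams();
            int l = params.getP().bitLength();
            int n = params.getQ().bitLength();

            System.out.printf("DSA key requested=%d: L=%d, N=%d%n", keySize, l, n);
            System.out.printf("  160-bit digest passes the N comparison: %b%n",
                    digestIsSufficient(params, 160));
            System.out.printf("  256-bit digest passes the N comparison: %b%n",
                    digestIsSufficient(params, 256));
            for (String algorithm : algorithms) {
                System.out.printf("  %-14s %s%n", algorithm,
                        tryInitSign(algorithm, pair.getPrivate()));
            }
        }
    }
}
```

The same report can be produced for a key that is already deployed by loading it and passing its `DSAParams` to `digestIsSufficient`, since the comparison reads only q.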

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)


[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943993#comment-16943993
 ] 

Logan edited comment on SSHD-945 at 10/3/19 8:43 PM:
-

Attached maverick key is readable by Jsch API version 0.1.55
{code:java}
@Test
 public void testExistingDsa() throws Exception {
 byte[] privateKeyBytes = 
org.apache.sshd.common.util.io.IoUtils.toByteArray(getClass().getResourceAsStream("/maverick_id_dsa"));
 java.util.Properties config = new java.util.Properties();
 config.put("StrictHostKeyChecking", "no");
 com.jcraft.jsch.JSch jsch = new com.jcraft.jsch.JSch();
 jsch.addIdentity("test", privateKeyBytes, null, null);
 com.jcraft.jsch.Session session = jsch.getSession("test", "localhost", PORT);
 session.setConfig(config);
 session.connect();
 session.getHostKey().getFingerPrint(jsch);
 }{code}


was (Author: apachelogan):
Attached maverick key is readable by Jsch API
{code:java}
@Test
 public void testExistingDsa() throws Exception {
 byte[] privateKeyBytes = 
org.apache.sshd.common.util.io.IoUtils.toByteArray(getClass().getResourceAsStream("/maverick_id_dsa"));
 java.util.Properties config = new java.util.Properties();
 config.put("StrictHostKeyChecking", "no");
 com.jcraft.jsch.JSch jsch = new com.jcraft.jsch.JSch();
 jsch.addIdentity("test", privateKeyBytes, null, null);
 com.jcraft.jsch.Session session = jsch.getSession("test", "localhost", PORT);
 session.setConfig(config);
 session.connect();
 session.getHostKey().getFingerPrint(jsch);
 }{code}

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 2.1.0
>Reporter: Logan
>Priority: Major
> Attachments: DSAKeyTests.java, maverick_id_dsa
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods available
> org.apache.sshd.common.SshException: No more authentication methods available
>  at org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>  at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>  at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>  at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>  at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>  at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>  at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>  at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>  at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>  at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>  at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>  at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>  at java.security.AccessController.doPrivileged(Native Method)
>  at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>  at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
>  at sun.nio.ch.Invoker$2.run(Invoker.java:218)
>  at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748)
> {code}
> [^DSAKeyTests.java]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org



[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)


[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943993#comment-16943993
 ] 

Logan edited comment on SSHD-945 at 10/3/19 8:41 PM:
-

Attached maverick key is readable by Jsch API
{code:java}
@Test
 public void testExistingDsa() throws Exception {
 byte[] privateKeyBytes = 
org.apache.sshd.common.util.io.IoUtils.toByteArray(getClass().getResourceAsStream("/maverick_id_dsa"));
 java.util.Properties config = new java.util.Properties();
 config.put("StrictHostKeyChecking", "no");
 com.jcraft.jsch.JSch jsch = new com.jcraft.jsch.JSch();
 jsch.addIdentity("test", privateKeyBytes, null, null);
 com.jcraft.jsch.Session session = jsch.getSession("test", "localhost", PORT);
 session.setConfig(config);
 session.connect();
 session.getHostKey().getFingerPrint(jsch);
 }{code}


was (Author: apachelogan):
Attached maverick key is readable by Jsch API

@Test
public void testExistingDsa() throws Exception {
byte[] privateKeyBytes = 
org.apache.sshd.common.util.io.IoUtils.toByteArray(getClass().getResourceAsStream("/maverick_id_dsa"));
java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "no");
com.jcraft.jsch.JSch jsch = new com.jcraft.jsch.JSch();
jsch.addIdentity("test", privateKeyBytes, null, null);
com.jcraft.jsch.Session session = jsch.getSession("test", "localhost", 
PORT);
session.setConfig(config);
session.connect();
session.getHostKey().getFingerPrint(jsch);
}




[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)


[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943615#comment-16943615
 ] 

Logan edited comment on SSHD-945 at 10/3/19 3:20 PM:
-

Oddly I have some DSA 2048 keys (generated by old maverick code) that do not 
fail at all. Wondering if this has something to do with the way key pair is 
generated? Attached file named maverick_id_dsa


was (Author: apachelogan):
Oddly I have some DSA 2048 keys (generated by old maverick code) that do not 
fail at all. Wondering if this has something to do with the way key pair is 
generated? Attached dsa 2048 private key (file named maverick_id_dsa) that 
works without issues




[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)


[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943615#comment-16943615
 ] 

Logan edited comment on SSHD-945 at 10/3/19 3:08 PM:
-

Oddly I have some DSA 2048 keys (generated by old maverick code) that do not 
fail at all. Wondering if this has something to do with the way key pair is 
generated? Attached dsa 2048 private key (file named maverick_id_dsa) that 
works without issues


was (Author: apachelogan):
Oddly I have some DSA 2048 keys (generated by old maverick code) that do not 
fail at all. Wondering if this has something to do with the way key pair is 
generated? Attached dsa 2048 private key that works.




[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Logan (Jira)


[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943615#comment-16943615
 ] 

Logan edited comment on SSHD-945 at 10/3/19 3:07 PM:
-

Oddly I have some DSA 2048 keys (generated by old maverick code) that do not 
fail at all. Wondering if this has something to do with the way key pair is 
generated? Attached dsa 2048 private key that works.


was (Author: apachelogan):
Oddly I have some DSA 2048 keys (generated by old maverick code) that do not 
fail at all. Wondering if this has something to do with the way key pair is 
generated?




[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-03 Thread Thomas Wolf (Jira)


[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943402#comment-16943402
 ] 

Thomas Wolf edited comment on SSHD-945 at 10/3/19 9:45 AM:
---

{quote}org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: 
Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest 
algorithm is not sufficient for this key
{quote}
is exactly the problem pointed out in 
[https://bugzilla.mindrot.org/show_bug.cgi?id=1647]: SHA-1 is 160 bits and is 
mandated by RFC 4253, but for a DSA2048 key one would need a longer signature 
hash (224 or 256 bits).

Interestingly enough, OpenSSH does work with such keys (if DSA is enabled at 
all in client and server), and uses SHA256 (client log; OS X, OpenSSH_7.4p1, 
LibreSSL 2.5.0):
{code:java}
...
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /Users/thomas/.ssh/id_dsa_2048
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-dss blen 818
debug2: input_userauth_pk_ok: fp SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: sign_and_send_pubkey: DSA SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
...
{code}
See [https://zonena.me/2014/02/using-2048-bit-dsa-keys-with-openssh/] for how 
to create a DSA 2048 bit key, and DSA must be enabled in both OpenSSH client 
and server ({{PubkeyAcceptedKeyTypes=+ssh-dss}} in the config files).


was (Author: wolft):
{quote}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed 
(InvalidKeyException) to execute: The security strength of SHA-1 digest 
algorithm is not sufficient for this key
{quote}

is exactly the problem pointed out in 
https://bugzilla.mindrot.org/show_bug.cgi?id=1647: SHA-1 is 160 bits and is 
mandated by RFC 4253, but for a DSA2048 key one would need a longer hash (224 
or 256 bits).

Interestingly enough, OpenSSH does work with such keys (if DSA is enabled at 
all in client and server), and uses SHA256 (client log; OS X, OpenSSH_7.4p1, 
LibreSSL 2.5.0):
{code}
...
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /Users/thomas/.ssh/id_dsa_2048
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-dss blen 818
debug2: input_userauth_pk_ok: fp SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: sign_and_send_pubkey: DSA SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
...
{code}

See https://zonena.me/2014/02/using-2048-bit-dsa-keys-with-openssh/ for how to 
create a DSA 2048 bit key, and DSA must be enabled in both OpenSSH client and 
server ({{PubkeyAcceptedKeyTypes=+ssh-dss}} in the config files).


[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-02 Thread Logan (Jira)


[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943158#comment-16943158
 ] 

Logan edited comment on SSHD-945 at 10/2/19 10:54 PM:
--

Few observations:

I am running on JDK 1.8.0_201 unlimited strength. Bouncy Castle was included 
in the classpath. After removing Bouncy Castle I get a different error stack 
trace but it still fails.
{code:java}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size
 at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132)
 at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187)
 at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132)
 at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40)
 at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33)
 at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44)
 at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166)
 at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
 at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
 at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
 at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
 at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
 at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
 at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
 at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
 at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
 at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
 at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
 at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
 at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
 at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
 at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
 at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
 at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
 at sun.security.provider.DSA.checkKey(DSA.java:111)
 at sun.security.provider.DSA.engineInitSign(DSA.java:143)
 at java.security.Signature$Delegate.init(Signature.java:1155)
 at java.security.Signature$Delegate.chooseProvider(Signature.java:1115)
 at java.security.Signature$Delegate.engineInitSign(Signature.java:1179)
 at java.security.Signature.initSign(Signature.java:530)
 at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91)
 at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61)
 at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225)
 at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203)
 at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73)
 at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268)
 at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
 at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
 at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
 at 

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-02 Thread Logan (Jira)


[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943158#comment-16943158
 ] 

Logan edited comment on SSHD-945 at 10/2/19 10:53 PM:
--

Few observations:

I am running on JDK 1.8.0_201 unlimited strength. Bouncy Castle was included 
in the classpath. After removing Bouncy Castle I get a different error stack 
trace, but it still fails.

org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size
 at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132)
 at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187)
 at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132)
 at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40)
 at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33)
 at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44)
 at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166)
 at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
 at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
 at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
 at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
 at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
 at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
 at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
 at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
 at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
 at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
 at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
 at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
 at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
 at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
 at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
 at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
 at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
 at sun.security.provider.DSA.checkKey(DSA.java:111)
 at sun.security.provider.DSA.engineInitSign(DSA.java:143)
 at java.security.Signature$Delegate.init(Signature.java:1155)
 at java.security.Signature$Delegate.chooseProvider(Signature.java:1115)
 at java.security.Signature$Delegate.engineInitSign(Signature.java:1179)
 at java.security.Signature.initSign(Signature.java:530)
 at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91)
 at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61)
 at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225)
 at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203)
 at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73)
 at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268)
 at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
 at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
 at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
 at

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-02 Thread Logan (Jira)


[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943160#comment-16943160
 ] 

Logan edited comment on SSHD-945 at 10/2/19 10:53 PM:
--

I changed the host key provider from 
{code:java}
sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider());{code}
to below
{code:java}
// Generate a 2048-bit DSA host key instead of the provider's default
SimpleGeneratorHostKeyProvider keyProvider = new SimpleGeneratorHostKeyProvider();
keyProvider.setAlgorithm("DSA");
keyProvider.setKeySize(2048);
sshd.setKeyPairProvider(keyProvider);
{code}
and I see a different stack trace:
{code:java}
org.apache.sshd.common.SshException: Session is being closed
org.apache.sshd.common.SshException: Session is being closed
 at org.apache.sshd.client.session.ClientSessionImpl.preClose(ClientSessionImpl.java:126)
 at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:82)
 at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.sessionClosed(AbstractSessionIoHandler.java:46)
 at org.apache.sshd.common.io.nio2.Nio2Session.doCloseImmediately(Nio2Session.java:266)
 at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:83)
 at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:353)
 at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
 at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
 at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
 at java.security.AccessController.doPrivileged(Native Method)
 at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
 at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
 at sun.nio.ch.Invoker$2.run(Invoker.java:218)
 at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)
{code}


was (Author: apachelogan):
I changed the host key provider from 
{code:java}
sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider());{code}
to below
{code:java}
// Generate a 2048-bit DSA host key instead of the provider's default
SimpleGeneratorHostKeyProvider keyProvider = new SimpleGeneratorHostKeyProvider();
keyProvider.setAlgorithm("DSA");
keyProvider.setKeySize(2048);
sshd.setKeyPairProvider(keyProvider);
{code}
and I see a different stack trace:
{noformat}
org.apache.sshd.common.SshException: Session is being closed
org.apache.sshd.common.SshException: Session is being closed
 at org.apache.sshd.client.session.ClientSessionImpl.preClose(ClientSessionImpl.java:126)
 at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:82)
 at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.sessionClosed(AbstractSessionIoHandler.java:46)
 at org.apache.sshd.common.io.nio2.Nio2Session.doCloseImmediately(Nio2Session.java:266)
 at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:83)
 at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:353)
 at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
 at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
 at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
 at java.security.AccessController.doPrivileged(Native Method)
 at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
 at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
 at sun.nio.ch.Invoker$2.run(Invoker.java:218)
 at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)
{noformat}

> DSA 2048 public key authentication fails
> 
>
> Key: SSHD-945
> URL: https://issues.apache.org/jira/browse/SSHD-945
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.1.0
> Reporter: Logan
> Priority: Major
> Attachments: DSAKeyTests.java
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error 
> trace listed below. I am trying to figure out if the issue is related to DSA 
> keys generated by JDK or apache SSHD. Attached is the test case. 
>  
> Tests with JSch API also fail with DSA 2048 keys.
>  
> Error 
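
The `Caused by` frames in the traces above end in `sun.security.provider.DSA.checkKey`, which rejects a signing key when the bit length of q exceeds the digest length. The following probe is an added example, not code from the thread or from MINA SSHD; the class and method names are hypothetical. It generates DSA 1024 and 2048 keys with the default JDK provider and reports which of `SHA1withDSA` and `SHA256withDSA` accept each key in `initSign`.

```java
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;

// Added example, not code from the SSHD-945 thread; class and method names are hypothetical.
public class DsaDigestStrengthProbe {

    /** Bit length of the subgroup order q (N in FIPS 186), the value checkKey compares. */
    static int subgroupBits(KeyPair pair) {
        return ((DSAPrivateKey) pair.getPrivate()).getParams().getQ().bitLength();
    }

    /** Returns null when initSign accepts the key, else the provider's rejection message. */
    static String initSignRejection(String algorithm, KeyPair pair) throws Exception {
        Signature signer = Signature.getInstance(algorithm);
        try {
            signer.initSign(pair.getPrivate());
            return null;
        } catch (InvalidKeyException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String[] algorithms = {"SHA1withDSA", "SHA256withDSA"};
        for (int keySize : new int[] {1024, 2048}) {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
            generator.initialize(keySize);
            KeyPair pair = generator.generateKeyPair();
            // Print L (requested modulus size) and N (actual size of q) for this key.
            System.out.printf("DSA L=%d N=%d%n", keySize, subgroupBits(pair));
            for (String algorithm : algorithms) {
                String rejection = initSignRejection(algorithm, pair);
                System.out.printf("  %-14s %s%n", algorithm,
                        rejection == null ? "initSign accepted" : "rejected: " + rejection);
            }
        }
    }
}
```

The SSH `ssh-dss` signature format is defined over SHA-1 (RFC 4253), so an SSH client cannot pick a longer digest for a DSA key whose q is wider than 160 bits.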

[jira] [Comment Edited] (SSHD-945) DSA 2048 public key authentication fails

2019-10-02 Thread Logan (Jira)


[ 
https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943158#comment-16943158
 ] 

Logan edited comment on SSHD-945 at 10/2/19 10:46 PM:
--

Few observations:

I am running on JDK 1.8.0_201 unlimited strength. Bouncy Castle was included 
in the classpath. After removing Bouncy Castle I get a different error stack 
trace, but it still fails.

 
{noformat}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size
 at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132)
 at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187)
 at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132)
 at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40)
 at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33)
 at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44)
 at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166)
 at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
 at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
 at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
 at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
 at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
 at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
 at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
 at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
 at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
 at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
 at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
 at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
 at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
 at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
 at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
 at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
 at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
 at sun.security.provider.DSA.checkKey(DSA.java:111)
 at sun.security.provider.DSA.engineInitSign(DSA.java:143)
 at java.security.Signature$Delegate.init(Signature.java:1155)
 at java.security.Signature$Delegate.chooseProvider(Signature.java:1115)
 at java.security.Signature$Delegate.engineInitSign(Signature.java:1179)
 at java.security.Signature.initSign(Signature.java:530)
 at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91)
 at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61)
 at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225)
 at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203)
 at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73)
 at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268)
 at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
 at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
 at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
 at