[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
    [ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16945848#comment-16945848 ]

Lyor Goldstein commented on SSHD-945:
-------------------------------------

Affected code:
{code:java|title=DSA.class}
protected void engineInitSign(PrivateKey privateKey)
    ...
    // check key size against hash output size for signing
    // skip this check for verification to minimize impact on existing apps
    if (md.getAlgorithm() != "NullDigest20") {
        checkKey(params, md.getDigestLength()*8, md.getAlgorithm());
    }
}

private static void checkKey(DSAParams params, int digestLen, String mdAlgo)
        throws InvalidKeyException {
    // FIPS186-3 states in sec4.2 that a hash function which provides
    // a lower security strength than the (L, N) pair ordinarily should
    // not be used.
    int valueN = params.getQ().bitLength();
    if (valueN > digestLen) {
        throw new InvalidKeyException("The security strength of " +
            mdAlgo + " digest algorithm is not sufficient for this key size");
    }
}
{code}

> DSA 2048 public key authentication fails
> ----------------------------------------
>
>                 Key: SSHD-945
>                 URL: https://issues.apache.org/jira/browse/SSHD-945
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.1.0
>            Reporter: Logan
>            Priority: Major
>         Attachments: DSAKeyTests.java, maverick_id_dsa
>
>
> While RSA 1024, 2048 and DSA 1024 keys succeed, DSA 2048 fails with error
> trace listed below. I am trying to figure out if the issue is related to DSA
> keys generated by JDK or apache SSHD. Attached is the test case.
>
> Tests with JSch API also fail with DSA 2048 keys.
>
> Error trace:
> {code:java}
> org.apache.sshd.common.SshException: No more authentication methods availableorg.apache.sshd.common.SshException: No more authentication methods available
>     at org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:318)
>     at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:254)
>     at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
>     at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
>     at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
>     at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1542)
>     at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:520)
>     at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:63)
>     at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:339)
>     at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
>     at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
>     at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
>     at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
>     at sun.nio.ch.Invoker$2.run(Invoker.java:218)
>     at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     at java.lang.Thread.run(Thread.java:748){code}
> [^DSAKeyTests.java]

--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
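
An added example, not code from this thread or from Apache MINA SSHD: it exercises the JDK check quoted in the comment above by generating DSA keys with the default provider and attempting to sign with SHA-1 and with SHA-256. The class name, the sample payload and the helper `trySign` are illustrative, and it assumes the JDK's default `SUN` provider performs the signing.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;

public class DsaDigestStrengthDemo {

    /**
     * Tries to sign and then verify with the given JCA signature algorithm.
     * Returns a one-line description of what happened.
     */
    static String trySign(String algorithm, KeyPair kp, byte[] data) throws Exception {
        Signature signer = Signature.getInstance(algorithm);
        try {
            // The provider compares the bit length of q (N) with the digest
            // length here and rejects the key when N is larger.
            signer.initSign(kp.getPrivate());
        } catch (InvalidKeyException e) {
            return "rejected at initSign: " + e.getMessage();
        }
        signer.update(data);
        byte[] sig = signer.sign(); // JCA returns a DER-encoded (r, s) pair

        // The quoted JDK comment says the check is skipped for verification,
        // so verification is done separately to confirm the round trip.
        Signature verifier = Signature.getInstance(algorithm);
        verifier.initVerify(kp.getPublic());
        verifier.update(data);
        return "signed (" + sig.length + " DER bytes), verifies=" + verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payload; in SSH this would be the data signed
        // during public key authentication.
        byte[] data = "constructed sample payload".getBytes(StandardCharsets.UTF_8);

        for (int keySize : new int[] {1024, 2048}) {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
            kpg.initialize(keySize);
            KeyPair kp = kpg.generateKeyPair();

            // Print the actual (L, N) pair the provider chose for this size.
            DSAPrivateKey priv = (DSAPrivateKey) kp.getPrivate();
            int l = priv.getParams().getP().bitLength();
            int n = priv.getParams().getQ().bitLength();
            System.out.printf("DSA key L=%d N=%d%n", l, n);

            for (String alg : new String[] {"SHA1withDSA", "SHA256withDSA"}) {
                System.out.printf("  %-14s %s%n", alg, trySign(alg, kp, data));
            }
        }
    }
}
```

`SHA256withDSA` appears only to contrast the provider check; RFC 4253 defines `ssh-dss` with SHA-1 and 160-bit `r` and `s` values, so it is not a drop-in replacement for the SSH signature.
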
[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
    [ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16945387#comment-16945387 ]

Lyor Goldstein commented on SSHD-945:
-------------------------------------

I figured this might be the problem but just wanted to make sure. Seems that the solution would be to implement the same "wrong" signature using SHA1 on 2048 bit keys even though it is not recommended by the security community.

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
    [ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16945367#comment-16945367 ]

Thomas Wolf commented on SSHD-945:
----------------------------------

The problem is not the key per se. OpenSSH client and server even work with a DSA2048 key, but they still use a 160bit SHA1 signature hash, which is an insecure setup. The signature hash should be 224 or 256 bits for such keys.

If a client uses a different signature hash, it'll violate RFC 4253 and it's unlikely that this would work with an OpenSSH server.

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
    [ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943993#comment-16943993 ]

Logan commented on SSHD-945:
----------------------------

Attached maverick key is readable by Jsch API

{code:java}
@Test
public void testExistingDsa() throws Exception {
    // Load the attached Maverick-generated private key from the test classpath
    byte[] privateKeyBytes = org.apache.sshd.common.util.io.IoUtils.toByteArray(
            getClass().getResourceAsStream("/maverick_id_dsa"));

    // Test-only setting: accept any host key
    java.util.Properties config = new java.util.Properties();
    config.put("StrictHostKeyChecking", "no");

    // Register the key as an identity and connect with it
    com.jcraft.jsch.JSch jsch = new com.jcraft.jsch.JSch();
    jsch.addIdentity("test", privateKeyBytes, null, null);
    com.jcraft.jsch.Session session = jsch.getSession("test", "localhost", PORT);
    session.setConfig(config);
    session.connect();
    session.getHostKey().getFingerPrint(jsch);
}
{code}

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
    [ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943681#comment-16943681 ]

Lyor Goldstein commented on SSHD-945:
-------------------------------------

{quote}
Oddly I have some DSA 2048 keys (generated by old maverick code) that do not fail at all
{quote}

* Let's make sure the keys are 2048 bits
* Let's make sure that these keys can be used with the SSHD client

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
    [ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943615#comment-16943615 ]

Logan commented on SSHD-945:
----------------------------

Oddly I have some DSA 2048 keys (generated by old maverick code) that do not fail at all. Wondering if this has something to do with the way the key pair is generated?

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
    [ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943585#comment-16943585 ]

Lyor Goldstein commented on SSHD-945:
-------------------------------------

By looking at the code, it would be possible to add a "hack" that either behaves like {{OpenSSH}} or automatically uses {{SHA256withDSA}} if it detects a key size greater than 1024. However, I am not sure this is correct.

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
    [ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943582#comment-16943582 ]

Lyor Goldstein commented on SSHD-945:
-------------------------------------

{quote}
Apache sshd is in fact correct to complain that "the security strength of SHA-1 digest algorithm is not sufficient for this key".
{quote}

It is not _Apache_ SSHD that complains but rather the JCE that it is using. Note that _Apache_ SSHD relies on the underlying security provider to execute the signing.

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
    [ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943455#comment-16943455 ]

Thomas Wolf commented on SSHD-945:
----------------------------------

Sorry, I mis-interpreted that bit:

{quote}
{code:java}
debug2: input_userauth_pk_ok: fp SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: sign_and_send_pubkey: DSA SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
{code}
{quote}

This SHA256 is just the hash of the DSA key. Running the test again with server-side logging and then looking at the code of OpenSSH, it looks as if OpenSSH actually uses the DSA 2048 key but with a 160bit SHA1 signature hash. The server goes through

* [userauth_pubkey|https://github.com/openssh/openssh-portable/blob/be02d7c/auth2-pubkey.c#L213]
* [sshkey_verify|https://github.com/openssh/openssh-portable/blob/be02d7c/sshkey.c#L2662]
* [ssh_dss_verify|https://github.com/openssh/openssh-portable/blob/be02d7c/ssh-dss.c#L120]

where SHA1 and 160bits are hardcoded.

So it uses something it shouldn't use at all. sshd is in fact correct to complain that "the security strength of SHA-1 digest algorithm is not sufficient for this key".

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943402#comment-16943402 ]

Thomas Wolf commented on SSHD-945:
----------------------------------

{quote}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key
{quote}

is exactly the problem pointed out in https://bugzilla.mindrot.org/show_bug.cgi?id=1647: SHA-1 is 160 bits and is mandated by RFC 4253, but for a DSA2048 key one would need a longer hash (224 or 256 bits).

Interestingly enough, OpenSSH does work with such keys (if DSA is enabled at all in client and server), and uses SHA256 (client log; OS X, OpenSSH_7.4p1, LibreSSL 2.5.0):

{code}
...
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /Users/thomas/.ssh/id_dsa_2048
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-dss blen 818
debug2: input_userauth_pk_ok: fp SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: sign_and_send_pubkey: DSA SHA256:usOY30m0OcvF44d+OK0TezJ9xfOoY0c6Fn1lzA+gQ6M
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
...
{code}

See https://zonena.me/2014/02/using-2048-bit-dsa-keys-with-openssh/ for how to create a DSA 2048 bit key, and DSA must be enabled in both OpenSSH client and server ({{PubkeyAcceptedKeyTypes=+ssh-dss}} in the config files).

--
This message was sent by Atlassian Jira (v8.3.4#803005)

To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
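The check behind the InvalidKeyException in this thread, as an added example (not code from the issue, from MINA SSHD or from the JDK): it generates DSA keys of 1024 and 2048 bits and reports, for each digest, whether signing and verification can be initialised. It assumes the JDK's built-in "SUN" provider and pins it so that a Bouncy Castle jar on the classpath does not change the outcome; the class and method names are made up for the illustration.

```java
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;

// Added illustration; class and method names are hypothetical.
public class DsaDigestStrengthCheck {

    // Assumption: the JDK's built-in provider, whose DSA.checkKey() is the
    // frame at the bottom of the "Caused by" trace posted in this issue.
    private static final String PROVIDER = "SUN";

    /** Returns "ok" if the provider accepts the key for signing, else its error text. */
    static String initSign(String algorithm, KeyPair pair) throws Exception {
        Signature signature = Signature.getInstance(algorithm, PROVIDER);
        try {
            signature.initSign(pair.getPrivate());
            return "ok";
        } catch (InvalidKeyException e) {
            return "InvalidKeyException: " + e.getMessage();
        }
    }

    /** Same probe for the verifying side, which is what an SSH server runs. */
    static String initVerify(String algorithm, KeyPair pair) throws Exception {
        Signature signature = Signature.getInstance(algorithm, PROVIDER);
        try {
            signature.initVerify(pair.getPublic());
            return "ok";
        } catch (InvalidKeyException e) {
            return "InvalidKeyException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // ssh-dss (RFC 4253) always signs with SHA-1, i.e. SHA1withDSA in JCA
        // terms. SHA256withDSA is probed only for contrast; it is not an SSH
        // signature format.
        String[] algorithms = {"SHA1withDSA", "SHA256withDSA"};

        for (int keySize : new int[] {1024, 2048}) {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA", PROVIDER);
            generator.initialize(keySize);
            KeyPair pair = generator.generateKeyPair();

            // L is the bit length of p, N the bit length of q. The provider
            // rejects signing when N exceeds the digest length in bits.
            DSAParams params = ((DSAPublicKey) pair.getPublic()).getParams();
            System.out.printf("DSA key: L=%d bits, N=%d bits%n",
                    params.getP().bitLength(), params.getQ().bitLength());

            for (String algorithm : algorithms) {
                System.out.printf("  %-14s initSign:   %s%n",
                        algorithm, initSign(algorithm, pair));
                System.out.printf("  %-14s initVerify: %s%n",
                        algorithm, initVerify(algorithm, pair));
            }
        }
    }
}
```

The strength check is applied only when signing, so a client built on this provider refuses to produce an ssh-dss signature with a key whose N is larger than 160 bits, while the verifying side does not reject the same key at initialisation.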
[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943164#comment-16943164 ]

Logan commented on SSHD-945:
----------------------------

I ran the same tests on JDK 1.8.0_201 unlimited strength on RHEL 6 and it still fails. I will try to get the stack trace soon. But you see it fails in DSA signing. I do not know how DSA signing works in the SSHD client.

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943160#comment-16943160 ]

Logan commented on SSHD-945:
----------------------------

I changed the host key provider from

{code:java}
sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider());
{code}

to the code below

{code:java}
// Generate a 2048-bit DSA host key instead of the provider's default
SimpleGeneratorHostKeyProvider keyProvider = new SimpleGeneratorHostKeyProvider();
keyProvider.setAlgorithm("DSA");
keyProvider.setKeySize(2048);
sshd.setKeyPairProvider(keyProvider);
{code}

and I see a different stack trace:

{noformat}
org.apache.sshd.common.SshException: Session is being closed
    at org.apache.sshd.client.session.ClientSessionImpl.preClose(ClientSessionImpl.java:126)
    at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:82)
    at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.sessionClosed(AbstractSessionIoHandler.java:46)
    at org.apache.sshd.common.io.nio2.Nio2Session.doCloseImmediately(Nio2Session.java:266)
    at org.apache.sshd.common.util.closeable.AbstractCloseable.close(AbstractCloseable.java:83)
    at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:353)
    at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:318)
    at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:315)
    at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
    at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
    at sun.nio.ch.Invoker$2.run(Invoker.java:218)
    at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
{noformat}

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943158#comment-16943158 ]

Logan commented on SSHD-945:
----------------------------

A few observations: I am running on JDK 1.8.0_201 limited strength. Bouncy Castle was included in the classpath. After removing Bouncy Castle I get a different error stack trace, but it still fails.

{noformat}
org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: The security strength of SHA-1 digest algorithm is not sufficient for this key size
    at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:132)
    at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:187)
    at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:132)
    at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:40)
    at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:33)
    at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:44)
    at com.citi.grandcentral.sftp.DSAKeyTests.testGenerated(DSAKeyTests.java:166)
    at com.citi.grandcentral.sftp.DSAKeyTests.testDsa2048(DSAKeyTests.java:194)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
    at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
    at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
    at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
    at sun.security.provider.DSA.checkKey(DSA.java:111)
    at sun.security.provider.DSA.engineInitSign(DSA.java:143)
    at java.security.Signature$Delegate.init(Signature.java:1155)
    at java.security.Signature$Delegate.chooseProvider(Signature.java:1115)
    at java.security.Signature$Delegate.engineInitSign(Signature.java:1179)
    at java.security.Signature.initSign(Signature.java:530)
    at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:91)
    at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:61)
    at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:225)
    at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:203)
    at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73)
    at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:268)
    at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:201)
    at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:626)
    at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:559)
    at org.apache.sshd.common.session.helpers.Abstract
[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16942207#comment-16942207 ]

Thomas Wolf commented on SSHD-945:
----------------------------------

The JCE (Java Cryptographic Extension) is not needed anymore on modern OpenJDK/Oracle JVMs, which is pointed out at the link Christoph gave.

I found [https://security.stackexchange.com/questions/112802/why-openssh-deprecated-dsa-keys] interesting, and especially Darren's answer there, which points to [https://bugzilla.mindrot.org/show_bug.cgi?id=1647].

Does OpenSSH client (and server) actually work with DSA 2048 keys, as claimed by some?

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16941297#comment-16941297 ]

Christoph John commented on SSHD-945:
-------------------------------------

Hi [~apachelogan],

this is needed to use 2048 bit keys: https://www.oracle.com/technetwork/java/javase/downloads/jce-all-download-5170447.html

[jira] [Commented] (SSHD-945) DSA 2048 public key authentication fails
[ https://issues.apache.org/jira/browse/SSHD-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940964#comment-16940964 ]

Lyor Goldstein commented on SSHD-945:
-------------------------------------

I seem to remember some JDK related issues with DSA and 2048 bits - not all JDKs support it. I also vaguely remember that one had to install a special "patch" to the Oracle JDK in order to allow high-order keys and ciphers. If you do reach a conclusion, please update this issue.