karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guillaume Nodet (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-4502) REGRESSION: using OpenJDK on CentOS 7 causes bin/client to fail with "Unable to negotiate key exchange for kex algorithms"
Date Mon, 13 Jun 2016 13:59:21 GMT

    [ https://issues.apache.org/jira/browse/KARAF-4502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15327439#comment-15327439
] 

Guillaume Nodet commented on KARAF-4502:
----------------------------------------

I think we should revert KARAF-4062 and provide a different fix.
The problem with KARAF-4062 may be related with the fact that when installing BouncyCastle,
the ssh server will use it (as it is deployed as a bundle), but the client may not (it needs
to be added to the class path).  We should enhance the client to add BC to the class path
if available, but even without BC, the client and server should be able to communicate together.

> REGRESSION: using OpenJDK on CentOS 7 causes bin/client to fail with "Unable to negotiate
key exchange for kex algorithms"
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: KARAF-4502
>                 URL: https://issues.apache.org/jira/browse/KARAF-4502
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3, 3.0.6, 4.0.4
>         Environment: CentOS Linux release 7.0.1406 (Core) 
> openjdk version "1.8.0_77"
>            Reporter: Damjan Jovanovic
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 3.0.7, 4.0.6
>
>
> On a fresh install of CentOS 7 with OpenJDK 1.8, running karaf container versions >
4.0.2 either with "bin/karaf" or as a service (whether sysvinit or systemd), trying to log
in with "bin/client" always fails with an exception.
> Oracle JDK - by comparison - works.
> "git bisect" narrowed down the regression to the following commit:
> 539540cde099aee52fd523a09aca92e36522261c is the first bad commit
> commit 539540cde099aee52fd523a09aca92e36522261c
> Author: Freeman Fang <freeman.fang@gmail.com>
> Date:   Wed Oct 14 12:09:09 2015 +0800
>     [KARAF-4062]Karaf client does now work after installing BouncyCastle
> :040000 040000 926f15997510a671ff77db9623f8b65ce4186706 da83c22e043de3004a620f1cc88e25ee672bd09d
M	client
> The exception is:
> # bin/client
> Logging in as karaf
> 3771 [sshd-SshClient[593634ad]-nio2-thread-2] WARN org.apache.sshd.client.session.ClientSessionImpl
- Exception caught
> java.lang.IllegalStateException: Unable to negotiate key exchange for kex algorithms
(client: ecdh-sha2-nistp256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ecdh-sha2-nistp521
/ server: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)
> 	at org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1159)
> 	at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:388)
> 	at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)
> 	at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:306)
> 	at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)
> 	at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)
> 	at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
> 	at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)
> 	at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)
> 	at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
> 	at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
> 	at sun.nio.ch.Invoker$2.run(Invoker.java:218)
> 	at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> Authentication failed



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message