mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pavel Babyak (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (SSHD-281) Unsupported command: SSH_MSG_KEXINIT with openssh 6.4_p1
Date Thu, 30 Jan 2014 05:04:09 GMT

    [ https://issues.apache.org/jira/browse/SSHD-281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13886243#comment-13886243
] 

Pavel Babyak edited comment on SSHD-281 at 1/30/14 5:02 AM:
------------------------------------------------------------

No, it occurs at the moment of creation exec channel.
And with previous installed version (5.9_p1) everything worked fine.

 log:
--------
[main] INFO org.apache.sshd.common.util.SecurityUtils - BouncyCastle already registered as
a JCE provider
[pool-2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Session created...
[pool-2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Server version string:
SSH-2.0-OpenSSH_6.4p1-hpn14v2
[pool-2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Received SSH_MSG_KEXINIT
[pool-2-thread-1] INFO org.apache.sshd.client.kex.DHG14 - Send SSH_MSG_KEXDH_INIT
[pool-2-thread-2] INFO org.apache.sshd.client.kex.DHG14 - Received SSH_MSG_KEXDH_REPLY
[pool-2-thread-2] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server
at localhost/127.0.0.1:22 presented unverified key: 
[pool-2-thread-2] INFO org.apache.sshd.client.session.ClientSessionImpl - Received SSH_MSG_NEWKEYS
[pool-2-thread-2] INFO org.apache.sshd.client.session.ClientSessionImpl - Send SSH_MSG_SERVICE_REQUEST
for ssh-userauth
[main] INFO org.apache.sshd.client.auth.UserAuthPublicKey - Send SSH_MSG_USERAUTH_REQUEST
for publickey
[pool-2-thread-5] INFO org.apache.sshd.client.auth.UserAuthPublicKey - Received SSH_MSG_USERAUTH_SUCCESS
[main] INFO dsystem.test.ssh.TestClient - logged in
[main] INFO org.apache.sshd.client.channel.ChannelExec - Send SSH_MSG_CHANNEL_OPEN on channel
101
[pool-2-thread-2] WARN org.apache.sshd.client.session.ClientSessionImpl - Exception caught
java.lang.IllegalStateException: Unsupported command: SSH_MSG_KEXINIT
------------


was (Author: watchcat):
No, it occurs at the moment of creation exec channel.
And with previous installed version (5.9_p1) everything worked fine.
It seems that new version openssh requested Key-reexchange immediately after successful authentication.
 log:
--------
[main] INFO org.apache.sshd.common.util.SecurityUtils - BouncyCastle already registered as
a JCE provider
[pool-2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Session created...
[pool-2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Server version string:
SSH-2.0-OpenSSH_6.4p1-hpn14v2
[pool-2-thread-1] INFO org.apache.sshd.client.session.ClientSessionImpl - Received SSH_MSG_KEXINIT
[pool-2-thread-1] INFO org.apache.sshd.client.kex.DHG14 - Send SSH_MSG_KEXDH_INIT
[pool-2-thread-2] INFO org.apache.sshd.client.kex.DHG14 - Received SSH_MSG_KEXDH_REPLY
[pool-2-thread-2] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server
at localhost/127.0.0.1:22 presented unverified key: 
[pool-2-thread-2] INFO org.apache.sshd.client.session.ClientSessionImpl - Received SSH_MSG_NEWKEYS
[pool-2-thread-2] INFO org.apache.sshd.client.session.ClientSessionImpl - Send SSH_MSG_SERVICE_REQUEST
for ssh-userauth
[main] INFO org.apache.sshd.client.auth.UserAuthPublicKey - Send SSH_MSG_USERAUTH_REQUEST
for publickey
[pool-2-thread-5] INFO org.apache.sshd.client.auth.UserAuthPublicKey - Received SSH_MSG_USERAUTH_SUCCESS
[main] INFO dsystem.test.ssh.TestClient - logged in
[main] INFO org.apache.sshd.client.channel.ChannelExec - Send SSH_MSG_CHANNEL_OPEN on channel
101
[pool-2-thread-2] WARN org.apache.sshd.client.session.ClientSessionImpl - Exception caught
java.lang.IllegalStateException: Unsupported command: SSH_MSG_KEXINIT
------------

> Unsupported command: SSH_MSG_KEXINIT with openssh 6.4_p1
> --------------------------------------------------------
>
>                 Key: SSHD-281
>                 URL: https://issues.apache.org/jira/browse/SSHD-281
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.9.0
>         Environment: host: Gentoo x86_64, OpenSSH_6.4p1-hpn14v2, OpenSSL 1.0.1f 6 Jan
2014
> client: Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
>            Reporter: Pavel Babyak
>
> When connecting to openssh server with authPublicKey, caught exception Unsupported command:
SSH_MSG_KEXINIT
> java.lang.IllegalStateException: Unsupported command: SSH_MSG_KEXINIT
> 	at org.apache.sshd.client.session.ClientSessionImpl.doHandleMessage(ClientSessionImpl.java:422)
> 	at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:293)
> 	at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:587)
> 	at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:253)
> 	at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
> 	at org.apache.sshd.common.io.nio2.Nio2Session$2.completed(Nio2Session.java:231)
> 	at org.apache.sshd.common.io.nio2.Nio2Session$2.completed(Nio2Session.java:217)
> 	at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
> 	at sun.nio.ch.Invoker$2.run(Invoker.java:206)
> 	at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> 	at java.lang.Thread.run(Thread.java:744)
> --------------------
> i did a trace connection and authentication process and this is what i found:
> ClientSessionImpl.doHandleMessage command flow:
> SSH_MSG_KEXINIT
> SSH_MSG_KEXDH_REPLY_KEX_DH_GEX_GROUP
> SSH_MSG_NEWKEYS
> SSH_MSG_SERVICE_ACCEPT
> SSH_MSG_USERAUTH_SUCCESS
> SSH_MSG_KEXINIT      <----------!!!! with session state 'Running'
> ---------------------
> Test code (Groovy):
> ---------------------
> import org.apache.sshd.ClientChannel
> import org.apache.sshd.ClientSession
> import org.apache.sshd.SshClient
> import org.apache.sshd.common.util.NoCloseOutputStream
> import org.bouncycastle.jce.provider.BouncyCastleProvider
> import org.bouncycastle.openssl.PEMDecryptorProvider
> import org.bouncycastle.openssl.PEMEncryptedKeyPair
> import org.bouncycastle.openssl.PEMKeyPair
> import org.bouncycastle.openssl.PEMParser
> import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter
> import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder
> import java.security.KeyPair
> import java.security.Security
> def getKeyPair = { String resource ->
> 	InputStream rsaStream = Class.getResourceAsStream( resource )
> 	assert rsaStream != null
> 	try{
> 		PEMParser parser = new PEMParser( new InputStreamReader( rsaStream ) )
> 		Object object = parser.readObject()
> 		JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider( 'BC' )
> 		return converter.getKeyPair( (PEMKeyPair) object )
> 	}finally{
> 		rsaStream.close()
> 	}
> }
> SshClient client = SshClient.setUpDefaultClient()
> client.start()
> try{
> 	def connect = client.connect( DST_ADDR, DST_PORT )
> 	connect.await()
> 	assert connect.connected
> 	def session = connect.session
> 	assert session != null
> 	int ret = ClientSession.WAIT_AUTH;
> 	while( ( ret & ClientSession.WAIT_AUTH ) != 0 ){
> 		session.authPublicKey( DST_LOGIN, getKeyPair(RSA_KEY) )
> 		ret = session.waitFor( ( ClientSession.WAIT_AUTH | ClientSession.CLOSED | ClientSession.AUTHED
) as int, 0 );
> 	}
> 	assert ( ret & ClientSession.CLOSED ) == 0
> 	ClientChannel channel = session.createExecChannel( './test.sh' )
> 	channel.in = new NoCloseInputStream( System.in )
> 	channel.out = new NoCloseOutputStream( System.out )
> 	channel.err = new NoCloseOutputStream( System.err )
> 	channel.open()
> 	channel.waitFor( ClientChannel.CLOSED, 0 )
> 	session.close( true )
> }finally{
> 	client.stop();
> }
> ---------------------



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message