mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Goldstein Lyor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-852) Verification fails for hashed known host entry on non standard port generated by OpenSSH client
Date Wed, 17 Oct 2018 18:45:00 GMT

    [ https://issues.apache.org/jira/browse/SSHD-852?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16654040#comment-16654040
] 

Goldstein Lyor commented on SSHD-852:
-------------------------------------

Thanks for the contribution - created [https://github.com/apache/mina-sshd/pull/71.] I will
review it and merge it in if no problems come up. Can you provide some link to the documentation
that explains how known host hashes should be calculated for standard and non-standard ports
? I would be especially interested also in how to hash IPv6 addresses (though not an issue
at the moment).

> Verification fails for hashed known host entry on non standard port generated by OpenSSH
client
> -----------------------------------------------------------------------------------------------
>
>                 Key: SSHD-852
>                 URL: https://issues.apache.org/jira/browse/SSHD-852
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.1.1
>         Environment: Linux Mint 19
>            Reporter: Stefan Verhoeven
>            Priority: Minor
>         Attachments: ConnectToNonDefaultPortTest.java
>
>
> The Apache SshClient is unable to verify a known host entry that was made by the OpenSSH
client when the entry is on a port other than 22.
>  
> I get the following exception
> {code:java}
> org.apache.sshd.common.SshException: Server key did not validate
>  at org.apache.sshd.client.session.AbstractClientSession.checkKeys(AbstractClientSession.java:440)
> ...{code}
>  
> The OpenSSH client will create a hash for `[host]:port` while Apache SshClient will check
hashed entries for `host` (see https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130[).|https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130.] This difference
will cause the correct known host entry to be marked as not a match which in turn causes the
exception.
>  
> The error can be reproduced by setting up the a SSH server
> {code:java}
> rm ~/.ssh/known_hosts
> docker run -d -p 2222:22 nlesc/xenon-ssh 
> # Prime known hosts with hash entry, password=javagat
> ssh xenon@localhost -p 10022 hostname
> {code}
> and then running the attached test.
>  
> I created a fix and tests at https://github.com/apache/mina-sshd/compare/master...NLeSC:hashed-known-host-port



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message