mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Goldstein Lyor (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (SSHD-852) Verification fails for hashed known host entry on non standard port generated by OpenSSH client
Date Thu, 18 Oct 2018 10:59:00 GMT

     [ https://issues.apache.org/jira/browse/SSHD-852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Goldstein Lyor reassigned SSHD-852:
-----------------------------------

    Assignee: Goldstein Lyor

> Verification fails for hashed known host entry on non standard port generated by OpenSSH
client
> -----------------------------------------------------------------------------------------------
>
>                 Key: SSHD-852
>                 URL: https://issues.apache.org/jira/browse/SSHD-852
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.1.1
>         Environment: Linux Mint 19
>            Reporter: Stefan Verhoeven
>            Assignee: Goldstein Lyor
>            Priority: Minor
>         Attachments: ConnectToNonDefaultPortTest.java
>
>
> The Apache SshClient is unable to verify a known host entry that was made by the OpenSSH
client when the entry is on a port other than 22.
>  
> I get the following exception
> {code:java}
> org.apache.sshd.common.SshException: Server key did not validate
>  at org.apache.sshd.client.session.AbstractClientSession.checkKeys(AbstractClientSession.java:440)
> ...{code}
>  
> The OpenSSH client will create a hash for `[host]:port` while Apache SshClient will check
hashed entries for `host` (see https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130[).|https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130.] This difference
will cause the correct known host entry to be marked as not a match which in turn causes the
exception.
>  
> The error can be reproduced by setting up the a SSH server
> {code:java}
> rm ~/.ssh/known_hosts
> docker run -d -p 2222:22 nlesc/xenon-ssh 
> # Prime known hosts with hash entry, password=javagat
> ssh xenon@localhost -p 10022 hostname
> {code}
> and then running the attached test.
>  
> I created a fix and tests at https://github.com/apache/mina-sshd/compare/master...NLeSC:hashed-known-host-port



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message