mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eugene Petrenko (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SSHD-642) Authentication failed: Signature length not correct: got 255 but was expecting 256
Date Wed, 10 Feb 2016 21:50:18 GMT
Eugene Petrenko created SSHD-642:
------------------------------------

             Summary: Authentication failed: Signature length not correct: got 255 but was
expecting 256
                 Key: SSHD-642
                 URL: https://issues.apache.org/jira/browse/SSHD-642
             Project: MINA SSHD
          Issue Type: Bug
    Affects Versions: 1.0.0
            Reporter: Eugene Petrenko


This issue I observe with quite low probability. It turns out that RSA signature verification
fails and thus SSH key authentication fails. (This is a bit strange that key verification
is executed BEFORE signature is checked). 
In my cases it fails with Trilead SSH2 client. 

>From the code it fails inside JCE where it is asserted message size if not trimmed. (Exception
is not getting properly logged, but it is possible to find the message in sun/security/rsa/RSASignature.java
file)

In the sources of Trilead I see the code, that may trim leading zero byte from the signature.
Signature here is encoded with type and data, so that org.apache.sshd.common.signature.AbstractSignature#extractEncodedSignature
is executed and not-null is returned).
https://github.com/JetBrains/intellij-community/blob/master/plugins/cvs/trilead-ssh2-build213/src/com/trilead/ssh2/signature/RSASHA1Verify.java#L98
As you may see from the link this is the way they understand the standard. 

I checked JSch code, and there is not such a byte trim there. 

It may mean Mina SSHD should attempt to workaround it and add zero bites back




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message