mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-642) Authentication failed: Signature length not correct: got 255 but was expecting 256
Date Sat, 13 Feb 2016 00:02:18 GMT

    [ https://issues.apache.org/jira/browse/SSHD-642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15145593#comment-15145593

ASF GitHub Bot commented on SSHD-642:

GitHub user jonnyzzz opened a pull request:



    Check expected signature length and add missing zeroes if needed.
    Tests is also added
    It turned out Bouncy Castle does not fail if signature size is less than public key modulus

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/jonnyzzz/mina-sshd master

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #24
commit bf1213fc502275a9fac779a06c3a459256726d48
Author: Eugene Petrenko <eugene.petrenko@gmail.com>
Date:   2016-02-12T23:19:54Z

    extract #doInitSignature protected helper

commit 706dbc561a165694edad9082927738364a74d9c4
Author: Eugene Petrenko <eugene.petrenko@gmail.com>
Date:   2016-02-12T23:26:51Z

    SSHD-642. Addede tests to reproduce the issue

commit 1ae4258a4779a30f1d51df9ab447ee60496bded4
Author: Eugene Petrenko <eugene.petrenko@gmail.com>
Date:   2016-02-12T23:52:12Z

    include leading zeroes. SSHD-642 is fixed


> Authentication failed: Signature length not correct: got 255 but was expecting 256
> ----------------------------------------------------------------------------------
>                 Key: SSHD-642
>                 URL: https://issues.apache.org/jira/browse/SSHD-642
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.0.0
>            Reporter: Eugene Petrenko
> This issue I observe with quite low probability. It turns out that RSA signature verification
fails and thus SSH key authentication fails. (This is a bit strange that key verification
is executed BEFORE signature is checked). 
> In my cases it fails with Trilead SSH2 client. 
> From the code it fails inside JCE where it is asserted message size if not trimmed. (Exception
is not getting properly logged, but it is possible to find the message in sun/security/rsa/RSASignature.java
> In the sources of Trilead I see the code, that may trim leading zero byte from the signature.
Signature here is encoded with type and data, so that org.apache.sshd.common.signature.AbstractSignature#extractEncodedSignature
is executed and not-null is returned).
> https://github.com/JetBrains/intellij-community/blob/master/plugins/cvs/trilead-ssh2-build213/src/com/trilead/ssh2/signature/RSASHA1Verify.java#L98
> As you may see from the link this is the way they understand the standard. 
> I checked JSch code, and there is not such a byte trim there. 
> It may mean Mina SSHD should attempt to workaround it and add zero bites back

This message was sent by Atlassian JIRA

View raw message