Re: [I] mina-sshd How does sshClient use the ssh ControlMaster feature [mina-sshd]
tomaswolf closed issue #513: mina-sshd How does sshClient use the ssh ControlMaster feature URL: https://github.com/apache/mina-sshd/issues/513 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] mina-sshd How does sshClient use the ssh ControlMaster feature [mina-sshd]
czldb2 commented on issue #513: URL: https://github.com/apache/mina-sshd/issues/513#issuecomment-2156276842 > ControlMaster is not implemented, and neither are ControlPath nor ControlPersist. > > Depending on your use case, you can just create a session, and then create multiple channels, as you need. Sequentially, or even in parallel. (Unless the server restricts the number of channels somehow, but then you'd also have a problem with ControlMaster connections.) Just keep the session around for as long as you need it. Possibly use heartbeats to prevent the peer from closing the session prematurely. > > If your use case involves multiple processes, you'd have to implement some mechanism akin to ControlMaster and ControlPath yourself. But note that the default NIO2 transport in Apache MINA SSHD uses `AsynchronousSocketChannel`s, which do not support using pre-existing sockets. Perhaps it might be possible to build something using the MINA or Netty transports, or by customizing those. > > (The control master would handle the SSH transport protocol including key exchanges and encryption/decryption, plus authentication, while all the clients of the master would only do the SSH connection (i.e., channel) protocol. The connections between the master and its clients are unencrypted, and thus had better be local. The two protocol layers (transport and connection) are not well separated in Apache MINA SSHD, so this might involve some serious refactoring.) Thank you very much for your reply, which is very helpful to me. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] mina-sshd How does sshClient use the ssh ControlMaster feature [mina-sshd]
tomaswolf commented on issue #513: URL: https://github.com/apache/mina-sshd/issues/513#issuecomment-2155629562 ControlMaster is not implemented, and neither are ControlPath nor ControlPersist. Depending on your use case, you can just create a session, and then create multiple channels, as you need. Sequentially, or even in parallel. (Unless the server restricts the number of channels somehow, but then you'd also have a problem with ControlMaster connections.) Just keep the session around for as long as you need it. Possibly use heartbeats to prevent the peer from closing the session prematurely. If your use case involves multiple processes, you'd have to implement some mechanism akin to ControlMaster and ControlPath yourself. But note that the default NIO2 transport in Apache MINA SSHD uses `AsynchronousSocketChannel`s, which do not support using pre-existing sockets. Perhaps it might be possible to build something using the MINA or Netty transports, or by customizing those. (The control master would handle the SSH transport protocol including key exchanges and encryption/decryption, plus authentication, while all the clients of the master would only do the SSH connection (i.e., channel) protocol. The connections between the master and its clients are unencrypted, and thus had better be local. The two protocol layers (transport and connection) are not well separated in Apache MINA SSHD, so this might involve some serious refactoring.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Why add "key-strict-c-...@openssh.com" and "key-strict-s-...@openssh.com" in key Algorithms? [mina-sshd]
tomaswolf commented on issue #514: URL: https://github.com/apache/mina-sshd/issues/514#issuecomment-2155053845 This is part of the mitigation against [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795). It was introduced in 2.12.0, so I don't understand what you are writing about version 2.10.0. We're not going to remove it. Especially if you're concerned about security you should _not_ remove it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Why add "key-strict-c-...@openssh.com" and "key-strict-s-...@openssh.com" in key Algorithms? [mina-sshd]
tomaswolf closed issue #514: Why add "key-strict-c-...@openssh.com" and "key-strict-s-...@openssh.com" in key Algorithms? URL: https://github.com/apache/mina-sshd/issues/514 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[I] Why add "key-strict-c-...@openssh.com" and "key-strict-s-...@openssh.com" in key Algorithms? [mina-sshd]
zhyde2010 opened a new issue, #514: URL: https://github.com/apache/mina-sshd/issues/514 ### Version 2.10.0 ### Bug description We use this software. We have high requirements on algorithm security and specially adjust the algorithm. Actually, we find that "key-strict-c-...@openssh.com is added after the selected algorithm by default. We think we've developed the algorithm, so we don't want to add it to us. ### Actual behavior No matter how we set the key exchange algorithm, key-strict-c-...@openssh.com is appended at the end. ### Expected behavior Do not automatically add key-strict-c-...@openssh.com, or set the algorithm to the user's choice whether to add key-strict-c-...@openssh.com. ### Relevant log output ```Shell mina-sshd/sshd-common/src/main/java/org/apache/sshd/common/kex/extension /KexExtensions.java: public static final String STRICT_KEX_CLIENT_EXTENSION = "kex-strict-c-...@openssh.com"; public static final String STRICT_KEX_SERVER_EXTENSION = "kex-strict-s-...@openssh.com"; sshd-core/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java @Override protected String resolveSessionKexProposal(String hostKeyTypes) throws IOException { String proposal = super.resolveSessionKexProposal(hostKeyTypes); // see https://tools.ietf.org/html/rfc8308 KexExtensionHandler extHandler = getKexExtensionHandler(); if ((extHandler == null) || (!extHandler.isKexExtensionsAvailable(this, AvailabilityPhase.PROPOSAL))) { return proposal; } String extType = isServerSession() ? KexExtensions.SERVER_KEX_EXTENSION : KexExtensions.CLIENT_KEX_EXTENSION; if (GenericUtils.isEmpty(proposal)) { return extType; } else { return proposal + "," + extType; } ``` ### Other information NA -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] SSH Client Disconnects on Receiving Keepalive Requests [mina-sshd]
ruanwenjun commented on issue #482: URL: https://github.com/apache/mina-sshd/issues/482#issuecomment-2153752493 @coderZoe @tomaswolf Hi, I meet a problem related to the ssh keepalive. My task failed seems due to the ssh channel closed, I am not sure if this is due to the heartbeat miss. ``` exceptionCaught(ClientSessionImpl[cebwmapp@/10.227.23.69:16022])[state=Opened] IOException: Connection reset by peer ``` My code is look like below ``` SshClient sshClient = SshClient.setUpDefaultClient(); sshClient.start(); ClientSession session = sshClient.connect( sshConnectionParam.getUsername(), sshConnectionParam.getHost(), sshConnectionParam.getPort()).verify(timeout).getSession(); String password = sshConnectionParam.getPassword(); if (StringUtils.isNotEmpty(password)) { session.addPasswordIdentity(password); } String privateKey = sshConnectionParam.getPrivateKey(); if (StringUtils.isNotEmpty(privateKey)) { KeyPairResourceLoader loader = SecurityUtils.getKeyPairResourceParser(); Collection keyPairCollection = loader.loadKeyPairs(null, null, null, privateKey); for (KeyPair keyPair : keyPairCollection) { session.addPublicKeyIdentity(keyPair); } } if (!session.auth().verify(Duration.ofSeconds(timeout)).isSuccess()) { throw new RuntimeException("Session auth failed"); } session.setSessionHeartbeat(SessionHeartbeatController.HeartbeatType.IGNORE, Duration.ofSeconds(PropertyUtils.getInt("session-connection-heartbeat-interval", 5))); return session; ``` Do I need to add KeepAliveHandler.INSTANCE in globalRequestHandlers to avoid this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[I] mina-sshd How does sshClient use the ssh ControlMaster feature [mina-sshd]
czldb2 opened a new issue, #513: URL: https://github.com/apache/mina-sshd/issues/513 ![image](https://github.com/apache/mina-sshd/assets/109063690/76afe173-706c-44b0-8e81-f071078daa0e) My program uses sshClient to create a ChannelExec to do things like :"ssh user@ip cmd". I now want to reuse this connection so that I don't have to re-establish the ssh connection the next time I execute "ssh user@ip cmd". How do I achieve this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Make the proxy jump resolver a bit more flexible. [mina-sshd]
tomaswolf closed pull request #477: Make the proxy jump resolver a bit more flexible. URL: https://github.com/apache/mina-sshd/pull/477 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Make the proxy jump resolver a bit more flexible. [mina-sshd]
tomaswolf commented on PR #477: URL: https://github.com/apache/mina-sshd/pull/477#issuecomment-2143923600 Fixed differently via PR #512 (including tests). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-318: fix proxyJumps [mina-sshd]
tomaswolf merged PR #512: URL: https://github.com/apache/mina-sshd/pull/512 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Support for more than one jump host [mina-sshd]
tomaswolf closed issue #318: Support for more than one jump host URL: https://github.com/apache/mina-sshd/issues/318 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[PR] GH-318: fix proxyJumps [mina-sshd]
tomaswolf opened a new pull request, #512: URL: https://github.com/apache/mina-sshd/pull/512 Previous code only parsed the proxy jumps of the initial HostConfigEntry. However, if the last entry in that list has a HostConfigEntry that again has proxy jumps, these additional proxies must be added to the list. And so on. To guard against proxy cascades with loops we limit the total number of proxies to at most 10. The limit is configurable through property CoreModuleProperties.MAX_PROXY_JUMPS. Fixes #318. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Connect to server failed when get session:error: 在一个非套接字上尝试了一个操作 [mina-sshd]
tomaswolf closed issue #312: Connect to server failed when get session:error: 在一个非套接字上尝试了一个操作 URL: https://github.com/apache/mina-sshd/issues/312 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] how to modifying the owner attribute of files and directories uploaded to the Linux system bye mina-sshd sftp-server [mina-sshd]
tomaswolf closed issue #503: how to modifying the owner attribute of files and directories uploaded to the Linux system bye mina-sshd sftp-server URL: https://github.com/apache/mina-sshd/issues/503 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] How to implement SFTP resuming transfer using mina-sshd? [mina-sshd]
tomaswolf closed issue #447: How to implement SFTP resuming transfer using mina-sshd? URL: https://github.com/apache/mina-sshd/issues/447 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Fix mina full class name in BuiltinIoServiceFactoryFactories [mina-sshd]
tomaswolf commented on issue #510: URL: https://github.com/apache/mina-sshd/issues/510#issuecomment-2142665312 PR was merged as commit 82e0ed1f. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Fix mina full class name in BuiltinIoServiceFactoryFactories [mina-sshd]
tomaswolf closed issue #510: Fix mina full class name in BuiltinIoServiceFactoryFactories URL: https://github.com/apache/mina-sshd/issues/510 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Fix mina full class name in BuiltinIoServiceFactoryFactories [mina-sshd]
tomaswolf commented on PR #511: URL: https://github.com/apache/mina-sshd/pull/511#issuecomment-2142664561 Merged as commit 82e0ed1f. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Fix mina full class name in BuiltinIoServiceFactoryFactories [mina-sshd]
tomaswolf closed pull request #511: Fix mina full class name in BuiltinIoServiceFactoryFactories URL: https://github.com/apache/mina-sshd/pull/511 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Fix mina full class name in BuiltinIoServiceFactoryFactories [mina-sshd]
JinHeap commented on PR #511: URL: https://github.com/apache/mina-sshd/pull/511#issuecomment-2141078742 thanks. then if need me do something, please tell me. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Fix mina full class name in BuiltinIoServiceFactoryFactories [mina-sshd]
tomaswolf commented on PR #511: URL: https://github.com/apache/mina-sshd/pull/511#issuecomment-2140908858 Thanks. The change is good, but now that this is fixed `DefaultIoServiceFactoryFactoryTest` hangs for MINA during disposal of the partially set up (with mocks) `MinaServiceFactory`. Previously it just skipped the non-existing class. Also, `BuiltinIoServiceFactoryFactoriesTest` should have a test that fails if one of the enum constants has a wrong class name. I.e., a test that would have uncovered the original problem (wrong string). I'll see if I can amend this commit to fix these test issues. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[PR] Fix mina full class name in BuiltinIoServiceFactoryFactories [mina-sshd]
JinHeap opened a new pull request, #511: URL: https://github.com/apache/mina-sshd/pull/511 Addresses https://github.com/apache/mina-sshd/issues/510 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Fix mina full class name in BuiltinIoServiceFactoryFactories [mina-sshd]
JinHeap commented on issue #510: URL: https://github.com/apache/mina-sshd/issues/510#issuecomment-2138824207 > Looks like an obvious bug. Probably this was missed in some earlier refactoring. Want to provide a PR? OK -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Fix mina full class name in BuiltinIoServiceFactoryFactories [mina-sshd]
tomaswolf commented on issue #510: URL: https://github.com/apache/mina-sshd/issues/510#issuecomment-2138815644 Looks like an obvious bug. Probably this was missed in some earlier refactoring. Want to provide a PR? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[I] Fix mina full class name in BuiltinIoServiceFactoryFactories [mina-sshd]
JinHeap opened a new issue, #510: URL: https://github.com/apache/mina-sshd/issues/510 https://github.com/apache/mina-sshd/blob/37d239e792edabe2008df8e98bf00eef167a147f/sshd-core/src/main/java/org/apache/sshd/common/io/BuiltinIoServiceFactoryFactories.java#L37 full class name in BuiltinIoServiceFactoryFactories for mina is unavailable. I have to modified the code from org.apache.sshd.common.io.mina.MinaServiceFactoryFactory to org.apache.sshd.mina.MinaServiceFactoryFactory in order to run SshClientMain with mina > java -cp * org.apache.sshd.cli.client.SshClientMain -w 1 root@127.0.0.1 -io mina SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". SLF4J: Defaulting to no-operation (NOP) logger implementation SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. java.lang.RuntimeException: java.lang.ClassNotFoundException: org.apache.sshd.common.io.mina.MinaServiceFactoryFactory at org.apache.sshd.common.io.BuiltinIoServiceFactoryFactories.getFactoryClass(BuiltinIoServiceFactoryFactories.java:76) at org.apache.sshd.common.io.BuiltinIoServiceFactoryFactories.create(BuiltinIoServiceFactoryFactories.java:88) at org.apache.sshd.cli.CliSupport.setupIoServiceFactory(CliSupport.java:149) at org.apache.sshd.cli.client.SshClientCliSupport.setupDefaultClient(SshClientCliSupport.java:407) at org.apache.sshd.cli.client.SshClientCliSupport.setupClient(SshClientCliSupport.java:447) at org.apache.sshd.cli.client.SshClientCliSupport.setupClientSession(SshClientCliSupport.java:244) at org.apache.sshd.cli.client.SshClientMain.main(SshClientMain.java:134) Caused by: java.lang.ClassNotFoundException: org.apache.sshd.common.io.mina.MinaServiceFactoryFactory at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Unknown Source) at org.apache.sshd.common.io.BuiltinIoServiceFactoryFactories.getFactoryClass(BuiltinIoServiceFactoryFactories.java:71) ... 6 more Exception in thread "main" java.lang.RuntimeException: java.lang.ClassNotFoundException: org.apache.sshd.common.io.mina.MinaServiceFactoryFactory at org.apache.sshd.common.io.BuiltinIoServiceFactoryFactories.getFactoryClass(BuiltinIoServiceFactoryFactories.java:76) at org.apache.sshd.common.io.BuiltinIoServiceFactoryFactories.create(BuiltinIoServiceFactoryFactories.java:88) at org.apache.sshd.cli.CliSupport.setupIoServiceFactory(CliSupport.java:149) at org.apache.sshd.cli.client.SshClientCliSupport.setupDefaultClient(SshClientCliSupport.java:407) at org.apache.sshd.cli.client.SshClientCliSupport.setupClient(SshClientCliSupport.java:447) at org.apache.sshd.cli.client.SshClientCliSupport.setupClientSession(SshClientCliSupport.java:244) at org.apache.sshd.cli.client.SshClientMain.main(SshClientMain.java:134) Caused by: java.lang.ClassNotFoundException: org.apache.sshd.common.io.mina.MinaServiceFactoryFactory at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Unknown Source) at org.apache.sshd.common.io.BuiltinIoServiceFactoryFactories.getFactoryClass(BuiltinIoServiceFactoryFactories.java:71) ... 6 more -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] OsUtils#isAndroid() returns false on WearOS [mina-sshd]
tomaswolf closed issue #499: OsUtils#isAndroid() returns false on WearOS URL: https://github.com/apache/mina-sshd/issues/499 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] BufferException: Underflow error [mina-sshd]
tomaswolf commented on issue #509: URL: https://github.com/apache/mina-sshd/issues/509#issuecomment-2137696332 Done in commit 37d239e. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] BufferException: Underflow error [mina-sshd]
tomaswolf closed issue #509: BufferException: Underflow error URL: https://github.com/apache/mina-sshd/issues/509 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
tomaswolf commented on PR #507: URL: https://github.com/apache/mina-sshd/pull/507#issuecomment-2137589316 Thanks for the review! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
tomaswolf merged PR #507: URL: https://github.com/apache/mina-sshd/pull/507 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] heartbeat timeout of a session will cause the links of other sessions to be disconnected [mina-sshd]
tomaswolf closed issue #461: heartbeat timeout of a session will cause the links of other sessions to be disconnected URL: https://github.com/apache/mina-sshd/issues/461 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
tomaswolf commented on PR #507: URL: https://github.com/apache/mina-sshd/pull/507#issuecomment-2136694291 Also in the newest change: when TIMEOUT is explicitly set <= 0 and NO_RELY_MAX is not set, set NO_REPLY_MAX to zero. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
tomaswolf commented on code in PR #507: URL: https://github.com/apache/mina-sshd/pull/507#discussion_r1618319934 ## CHANGES.md: ## @@ -58,7 +59,39 @@ NTRU Prime sntrup761 and X25519 with SHA-512: sntrup761x25519-sha512](https://ww ## Behavioral changes and enhancements -* [GH-468](https://github.com/apache/mina-sshd/issues/468) SFTP: validate length of data received: must not be more than requested +### [GH-461](https://github.com/apache/mina-sshd/issues/461) Fix heartbeats with `wantReply=true` + +The client-side heartbeat mechanism has been updated. Such heartbeats are configured via the +`CoreModuleProperties.HEARTBEAT_INTERVAL` property. If this interval is > 0, heartbeats are sent to +the server. + +Previously these heartbeats could also be configured with a `CoreModuleProperties.HEARTBEAT_REPLY_WAIT` +timeout. If the timeout was <= 0, the client would just send heartbeat requests without expecting any +answers. If the timeout was > 0, the client would send requests with a flag indicating that the server +should reply. The client would then wait for the specified duration for the reply and would terminate +the connection if none was received. + +This old mechanism could cause trouble if the timeout was fairly long and the server was slow to respond. Review Comment: Done. ## sshd-core/src/main/java/org/apache/sshd/client/session/ClientConnectionService.java: ## @@ -55,7 +61,41 @@ public ClientConnectionService(AbstractClientSession s) throws SshException { heartbeatRequest = CoreModuleProperties.HEARTBEAT_REQUEST.getRequired(this); heartbeatInterval = CoreModuleProperties.HEARTBEAT_INTERVAL.getRequired(this); -heartbeatReplyMaxWait = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getRequired(this); +heartbeatMaxNoReply = configureMaxNoReply(); +} + +protected int configureMaxNoReply() { +@SuppressWarnings("deprecation") +Duration timeout = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getOrNull(this); +if (timeout == null || GenericUtils.isNegativeOrNull(heartbeatInterval) || GenericUtils.isEmpty(heartbeatRequest)) { +return CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getRequired(this).intValue(); +} +// The deprecated timeout is configured explicitly. If the new no-reply-max is _not_ explicitly configured, +// set it from the timeout. +Integer noReplyValue = CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getOrNull(this); +if (noReplyValue != null) { +return noReplyValue.intValue(); +} +if (timeout.compareTo(heartbeatInterval) >= 0) { +// Timeout is longer than the interval. With the previous system, that would have killed the session when +// the Review Comment: Done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
gnodet commented on code in PR #507: URL: https://github.com/apache/mina-sshd/pull/507#discussion_r1617916399 ## sshd-core/src/main/java/org/apache/sshd/client/session/ClientConnectionService.java: ## @@ -55,7 +61,41 @@ public ClientConnectionService(AbstractClientSession s) throws SshException { heartbeatRequest = CoreModuleProperties.HEARTBEAT_REQUEST.getRequired(this); heartbeatInterval = CoreModuleProperties.HEARTBEAT_INTERVAL.getRequired(this); -heartbeatReplyMaxWait = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getRequired(this); +heartbeatMaxNoReply = configureMaxNoReply(); +} + +protected int configureMaxNoReply() { +@SuppressWarnings("deprecation") +Duration timeout = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getOrNull(this); +if (timeout == null || GenericUtils.isNegativeOrNull(heartbeatInterval) || GenericUtils.isEmpty(heartbeatRequest)) { +return CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getRequired(this).intValue(); +} +// The deprecated timeout is configured explicitly. If the new no-reply-max is _not_ explicitly configured, +// set it from the timeout. +Integer noReplyValue = CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getOrNull(this); +if (noReplyValue != null) { +return noReplyValue.intValue(); +} +if (timeout.compareTo(heartbeatInterval) >= 0) { +// Timeout is longer than the interval. With the previous system, that would have killed the session when +// the Review Comment: This should be reformatted to avoid a single word on a line. ## CHANGES.md: ## @@ -58,7 +59,39 @@ NTRU Prime sntrup761 and X25519 with SHA-512: sntrup761x25519-sha512](https://ww ## Behavioral changes and enhancements -* [GH-468](https://github.com/apache/mina-sshd/issues/468) SFTP: validate length of data received: must not be more than requested +### [GH-461](https://github.com/apache/mina-sshd/issues/461) Fix heartbeats with `wantReply=true` + +The client-side heartbeat mechanism has been updated. Such heartbeats are configured via the +`CoreModuleProperties.HEARTBEAT_INTERVAL` property. If this interval is > 0, heartbeats are sent to +the server. + +Previously these heartbeats could also be configured with a `CoreModuleProperties.HEARTBEAT_REPLY_WAIT` +timeout. If the timeout was <= 0, the client would just send heartbeat requests without expecting any +answers. If the timeout was > 0, the client would send requests with a flag indicating that the server +should reply. The client would then wait for the specified duration for the reply and would terminate +the connection if none was received. + +This old mechanism could cause trouble if the timeout was fairly long and the server was slow to respond. Review Comment: Remove `old` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
tomaswolf commented on code in PR #507: URL: https://github.com/apache/mina-sshd/pull/507#discussion_r1617835398 ## CHANGES.md: ## @@ -58,7 +59,34 @@ NTRU Prime sntrup761 and X25519 with SHA-512: sntrup761x25519-sha512](https://ww ## Behavioral changes and enhancements -* [GH-468](https://github.com/apache/mina-sshd/issues/468) SFTP: validate length of data received: must not be more than requested +### [GH-461](https://github.com/apache/mina-sshd/issues/461) Fix heartbeats with `wantReply=true` + +The client-side heartbeat mechanism has been changed. Such heartbeats are configured with an interval +(`CoreModuleProperties.HEARTBEAT_INTERVAL`) > 0. Previously they could also be configured with a timeout +(`CoreModuleProperties.HEARTBEAT_REPLY_WAIT`). If the timeout was <= 0, the client would just send a +heartbeat request, but not expect any answer. However, with a timeout > 0, it would send the request +with a flag telling the server to send back a reply, and then wait for the given duration for the +reply to arrive, and terminate the connection if no reply was forthcoming. + +That could cause trouble if the timeout was fairly long, and the server was slow to respond. If the +timeout was longer than the interval it could also delay subsequent heartbeats. + +Newly, `CoreModuleProperties.HEARTBEAT_REPLY_WAIT` is _deprecated_. There is a new configuration property +`CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX` instead. It defines a limit for how many heartbeats without +reply a session survives. If the value is <= 0, the client still sends heartbeats without expecting +any answer. If > 0, it will request a reply from the server for each heartbeat message, and it will +terminate the connection once there are `CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX` previous heartbeats +for which no reply was received yet. + +This new way to configure heartbeats corresponds to the configuration in OpenSSH via the +`ServerAliveInterval` and `ServerAliveCountMax` options. + +For compatibility with old configurations that do define `CoreModuleProperties.HEARTBEAT_REPLY_WAIT` > 0, +the new code maps this to the new configuration (but only if `CoreModuleProperties.HEARTBEAT_INTERVAL` > 0 +and the new property `CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX` has _not_ been set) by setting +`CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX = (CoreModuleProperties.HEARTBEAT_REPLY_WAIT / CoreModuleProperties.HEARTBEAT_INTERVAL) + 1`. Review Comment: Done. I've taken this as inspiration and have rephrased the description along these lines. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
tomaswolf commented on code in PR #507: URL: https://github.com/apache/mina-sshd/pull/507#discussion_r1617834559 ## sshd-core/src/main/java/org/apache/sshd/client/session/ClientConnectionService.java: ## @@ -55,7 +61,40 @@ public ClientConnectionService(AbstractClientSession s) throws SshException { heartbeatRequest = CoreModuleProperties.HEARTBEAT_REQUEST.getRequired(this); heartbeatInterval = CoreModuleProperties.HEARTBEAT_INTERVAL.getRequired(this); -heartbeatReplyMaxWait = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getRequired(this); +heartbeatMaxNoReply = configureMaxNoReply(); +} + +protected int configureMaxNoReply() { +@SuppressWarnings("deprecation") +Duration timeout = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getOrNull(this); +if (timeout == null || GenericUtils.isNegativeOrNull(heartbeatInterval) || GenericUtils.isEmpty(heartbeatRequest)) { +return CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getRequired(this).intValue(); +} +// The deprecated timeout is configured explicitly. If the new no reply max is _not_ explicitly configured, Review Comment: Done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
tomaswolf commented on code in PR #507: URL: https://github.com/apache/mina-sshd/pull/507#discussion_r1617834382 ## sshd-core/src/main/java/org/apache/sshd/client/session/ClientConnectionService.java: ## @@ -55,7 +61,40 @@ public ClientConnectionService(AbstractClientSession s) throws SshException { heartbeatRequest = CoreModuleProperties.HEARTBEAT_REQUEST.getRequired(this); heartbeatInterval = CoreModuleProperties.HEARTBEAT_INTERVAL.getRequired(this); -heartbeatReplyMaxWait = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getRequired(this); +heartbeatMaxNoReply = configureMaxNoReply(); +} + +protected int configureMaxNoReply() { +@SuppressWarnings("deprecation") +Duration timeout = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getOrNull(this); +if (timeout == null || GenericUtils.isNegativeOrNull(heartbeatInterval) || GenericUtils.isEmpty(heartbeatRequest)) { +return CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getRequired(this).intValue(); +} +// The deprecated timeout is configured explicitly. If the new no reply max is _not_ explicitly configured, +// set it from the timeout. +Integer noReplyValue = CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getOrNull(this); +if (noReplyValue != null) { +return noReplyValue.intValue(); +} +if (timeout.compareTo(heartbeatInterval) >= 0) { +// Timeout is longer than the interval. With the old system, that would have killed the session when the +// timeout was reached. A slow server that managed to return the reply just before the timeout expired would +// have delayed subsequent heartbeats. The new system will keep sending heartbeats with the given interval. +// Thus we can have timeout / interval heartbeats without reply if we want to approximate the old system. +double timeoutSec = timeout.getSeconds() + (timeout.getNano() / 1_000_000_000.0); +double intervalSec = heartbeatInterval.getSeconds() + (heartbeatInterval.getNano() / 1_000_000_000.0); +double multiple = timeoutSec / intervalSec; +if (multiple >= Integer.MAX_VALUE - 1) { +return Integer.MAX_VALUE; +} else { +return (int) multiple + 1; +} +} +// Timeout is smaller than the interval. We want to have every heartbeat replied to. +return 1; +// This is an approximation. If no reply is forthcoming, the session will newly be killed after the interval. In Review Comment: Done. ## sshd-core/src/main/java/org/apache/sshd/client/session/ClientConnectionService.java: ## @@ -55,7 +61,40 @@ public ClientConnectionService(AbstractClientSession s) throws SshException { heartbeatRequest = CoreModuleProperties.HEARTBEAT_REQUEST.getRequired(this); heartbeatInterval = CoreModuleProperties.HEARTBEAT_INTERVAL.getRequired(this); -heartbeatReplyMaxWait = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getRequired(this); +heartbeatMaxNoReply = configureMaxNoReply(); +} + +protected int configureMaxNoReply() { +@SuppressWarnings("deprecation") +Duration timeout = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getOrNull(this); +if (timeout == null || GenericUtils.isNegativeOrNull(heartbeatInterval) || GenericUtils.isEmpty(heartbeatRequest)) { +return CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getRequired(this).intValue(); +} +// The deprecated timeout is configured explicitly. If the new no reply max is _not_ explicitly configured, +// set it from the timeout. +Integer noReplyValue = CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getOrNull(this); +if (noReplyValue != null) { +return noReplyValue.intValue(); +} +if (timeout.compareTo(heartbeatInterval) >= 0) { +// Timeout is longer than the interval. With the old system, that would have killed the session when the Review Comment: Done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
tomaswolf commented on code in PR #507: URL: https://github.com/apache/mina-sshd/pull/507#discussion_r1617834119 ## sshd-core/src/main/java/org/apache/sshd/core/CoreModuleProperties.java: ## @@ -162,10 +162,21 @@ public final class CoreModuleProperties { /** * Key used to indicate that the heartbeat request is also expecting a reply - time in milliseconds to wait * for the reply. If non-positive then no reply is expected (nor requested). + * + * @deprecated since 2.13.0, use {@link #HEARTBEAT_NO_REPLY_MAX} instead */ +@Deprecated Review Comment: The since property does not exist in Java 8. It was introduced in Java 9. ## sshd-core/src/main/java/org/apache/sshd/client/session/ClientConnectionService.java: ## @@ -55,7 +61,40 @@ public ClientConnectionService(AbstractClientSession s) throws SshException { heartbeatRequest = CoreModuleProperties.HEARTBEAT_REQUEST.getRequired(this); heartbeatInterval = CoreModuleProperties.HEARTBEAT_INTERVAL.getRequired(this); -heartbeatReplyMaxWait = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getRequired(this); +heartbeatMaxNoReply = configureMaxNoReply(); +} + +protected int configureMaxNoReply() { +@SuppressWarnings("deprecation") +Duration timeout = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getOrNull(this); +if (timeout == null || GenericUtils.isNegativeOrNull(heartbeatInterval) || GenericUtils.isEmpty(heartbeatRequest)) { +return CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getRequired(this).intValue(); +} +// The deprecated timeout is configured explicitly. If the new no reply max is _not_ explicitly configured, +// set it from the timeout. +Integer noReplyValue = CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getOrNull(this); +if (noReplyValue != null) { +return noReplyValue.intValue(); +} +if (timeout.compareTo(heartbeatInterval) >= 0) { +// Timeout is longer than the interval. With the old system, that would have killed the session when the +// timeout was reached. A slow server that managed to return the reply just before the timeout expired would +// have delayed subsequent heartbeats. The new system will keep sending heartbeats with the given interval. +// Thus we can have timeout / interval heartbeats without reply if we want to approximate the old system. +double timeoutSec = timeout.getSeconds() + (timeout.getNano() / 1_000_000_000.0); +double intervalSec = heartbeatInterval.getSeconds() + (heartbeatInterval.getNano() / 1_000_000_000.0); +double multiple = timeoutSec / intervalSec; +if (multiple >= Integer.MAX_VALUE - 1) { +return Integer.MAX_VALUE; +} else { +return (int) multiple + 1; +} +} +// Timeout is smaller than the interval. We want to have every heartbeat replied to. +return 1; +// This is an approximation. If no reply is forthcoming, the session will newly be killed after the interval. In +// the old system it would have been killed after the timeout. We _could_ code something to schedule a task that Review Comment: Done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
tomaswolf commented on code in PR #507: URL: https://github.com/apache/mina-sshd/pull/507#discussion_r1617833708 ## sshd-core/src/main/java/org/apache/sshd/core/CoreModuleProperties.java: ## @@ -162,10 +162,21 @@ public final class CoreModuleProperties { /** * Key used to indicate that the heartbeat request is also expecting a reply - time in milliseconds to wait * for the reply. If non-positive then no reply is expected (nor requested). + * + * @deprecated since 2.13.0, use {@link #HEARTBEAT_NO_REPLY_MAX} instead */ +@Deprecated public static final Property HEARTBEAT_REPLY_WAIT = Property.durationSec("heartbeat-reply-wait", Duration.ofMinutes(5)); +/** + * Key to set the maximum number of heartbeat messages to send without having received a reply. If 0, heartbeat + * messages are sent with a flag that requires the peer to reply. The session will be killed if + * {@code HEARTBEAT_NO_REPLY_MAX} heartbeats have been sent without having received a reply. If = 0, heartbeat + * messages will be sent, but no reply is requested or expected, and the client will not kill the session. + */ Review Comment: Done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
gnodet commented on code in PR #507: URL: https://github.com/apache/mina-sshd/pull/507#discussion_r1617742237 ## sshd-core/src/main/java/org/apache/sshd/client/session/ClientConnectionService.java: ## @@ -55,7 +61,40 @@ public ClientConnectionService(AbstractClientSession s) throws SshException { heartbeatRequest = CoreModuleProperties.HEARTBEAT_REQUEST.getRequired(this); heartbeatInterval = CoreModuleProperties.HEARTBEAT_INTERVAL.getRequired(this); -heartbeatReplyMaxWait = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getRequired(this); +heartbeatMaxNoReply = configureMaxNoReply(); +} + +protected int configureMaxNoReply() { +@SuppressWarnings("deprecation") +Duration timeout = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getOrNull(this); +if (timeout == null || GenericUtils.isNegativeOrNull(heartbeatInterval) || GenericUtils.isEmpty(heartbeatRequest)) { +return CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getRequired(this).intValue(); +} +// The deprecated timeout is configured explicitly. If the new no reply max is _not_ explicitly configured, +// set it from the timeout. +Integer noReplyValue = CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getOrNull(this); +if (noReplyValue != null) { +return noReplyValue.intValue(); +} +if (timeout.compareTo(heartbeatInterval) >= 0) { +// Timeout is longer than the interval. With the old system, that would have killed the session when the +// timeout was reached. A slow server that managed to return the reply just before the timeout expired would +// have delayed subsequent heartbeats. The new system will keep sending heartbeats with the given interval. +// Thus we can have timeout / interval heartbeats without reply if we want to approximate the old system. +double timeoutSec = timeout.getSeconds() + (timeout.getNano() / 1_000_000_000.0); +double intervalSec = heartbeatInterval.getSeconds() + (heartbeatInterval.getNano() / 1_000_000_000.0); +double multiple = timeoutSec / intervalSec; +if (multiple >= Integer.MAX_VALUE - 1) { +return Integer.MAX_VALUE; +} else { +return (int) multiple + 1; +} +} +// Timeout is smaller than the interval. We want to have every heartbeat replied to. +return 1; +// This is an approximation. If no reply is forthcoming, the session will newly be killed after the interval. In Review Comment: newly -> immediately ? ## sshd-core/src/main/java/org/apache/sshd/client/session/ClientConnectionService.java: ## @@ -55,7 +61,40 @@ public ClientConnectionService(AbstractClientSession s) throws SshException { heartbeatRequest = CoreModuleProperties.HEARTBEAT_REQUEST.getRequired(this); heartbeatInterval = CoreModuleProperties.HEARTBEAT_INTERVAL.getRequired(this); -heartbeatReplyMaxWait = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getRequired(this); +heartbeatMaxNoReply = configureMaxNoReply(); +} + +protected int configureMaxNoReply() { +@SuppressWarnings("deprecation") +Duration timeout = CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getOrNull(this); +if (timeout == null || GenericUtils.isNegativeOrNull(heartbeatInterval) || GenericUtils.isEmpty(heartbeatRequest)) { +return CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX.getRequired(this).intValue(); +} +// The deprecated timeout is configured explicitly. If the new no reply max is _not_ explicitly configured, Review Comment: "no reply max" -> "no-reply-max" so that it's easier to see we're referring to the value ## sshd-core/src/main/java/org/apache/sshd/core/CoreModuleProperties.java: ## @@ -162,10 +162,21 @@ public final class CoreModuleProperties { /** * Key used to indicate that the heartbeat request is also expecting a reply - time in milliseconds to wait * for the reply. If non-positive then no reply is expected (nor requested). + * + * @deprecated since 2.13.0, use {@link #HEARTBEAT_NO_REPLY_MAX} instead */ +@Deprecated public static final Property HEARTBEAT_REPLY_WAIT = Property.durationSec("heartbeat-reply-wait", Duration.ofMinutes(5)); +/** + * Key to set the maximum number of heartbeat messages to send without having received a reply. If 0, heartbeat + * messages are sent with a flag that requires the peer to reply. The session will be killed if + * {@code HEARTBEAT_NO_REPLY_MAX} heartbeats have been sent without having received a reply. If = 0, heartbeat + * messages will be sent, but no reply is requested or expected, and the client will not kill the session. + */ Review Comment: `@since 2.13.0`
Re: [I] heartbeat timeout of a session will cause the links of other sessions to be disconnected [mina-sshd]
tomaswolf commented on issue #461: URL: https://github.com/apache/mina-sshd/issues/461#issuecomment-2135764945 Any comments on the PR #507? If none, I'll assume it's fine and will merge tomorrow. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] BufferException: Underflow error [mina-sshd]
tomaswolf commented on issue #509: URL: https://github.com/apache/mina-sshd/issues/509#issuecomment-2134655636 There is a minor bug in Apache MINA sshd, though: when we request file attributes, we tell the server we're interested in all items: https://github.com/apache/mina-sshd/blob/5a78e6dfe37ec982de8eec7abf449e83b3c984ae/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/AbstractSftpClient.java#L1027-L1029 This sends 0x00_00_FF_FF. But this is not correct. In SFTP >= v4, bit 0x2 MUST NOT be set: > 0x0002 MUST NOT appear in the mask. [draft RFC](https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-03#section-5.1) Therefore re-opening to fix this. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] BufferException: Underflow error [mina-sshd]
tomaswolf commented on issue #509: URL: https://github.com/apache/mina-sshd/issues/509#issuecomment-2134637164 BTW: this is https://github.com/proftpd/proftpd/issues/578 . Was fixed in proftpd [version 1.3.7rc1](https://github.com/proftpd/proftpd/blob/fb6bd090542ee432096df5b136f1b14ec639928e/NEWS#L419) in October 2019. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] BufferException: Underflow error [mina-sshd]
nimantha-lakshan commented on issue #509: URL: https://github.com/apache/mina-sshd/issues/509#issuecomment-2134501632 I'll close the issue -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] BufferException: Underflow error [mina-sshd]
nimantha-lakshan closed issue #509: BufferException: Underflow error URL: https://github.com/apache/mina-sshd/issues/509 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] BufferException: Underflow error [mina-sshd]
nimantha-lakshan commented on issue #509: URL: https://github.com/apache/mina-sshd/issues/509#issuecomment-2134499472 I'm sorry for just attaching a screenshot. This is our internal SFTP server (ProFTPD), which is old. I'll let our team know about this. I managed to avoid the exception by using SFTP version 3 in the client. Thank you very much for your help. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Can I design a ssh server with sshd? [mina-sshd]
tomaswolf closed issue #496: Can I design a ssh server with sshd? URL: https://github.com/apache/mina-sshd/issues/496 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Can I design a ssh server with sshd? [mina-sshd]
tomaswolf commented on issue #496: URL: https://github.com/apache/mina-sshd/issues/496#issuecomment-2134025276 Use the latest. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] how to modifying the owner attribute of files and directories uploaded to the Linux system bye mina-sshd sftp-server [mina-sshd]
tomaswolf commented on issue #503: URL: https://github.com/apache/mina-sshd/issues/503#issuecomment-2134024573 Apache MINA SSHD is a Java library and has no integration with the Linux user management, and it does not have privilege separation either. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] BufferException: Underflow error [mina-sshd]
tomaswolf commented on issue #509: URL: https://github.com/apache/mina-sshd/issues/509#issuecomment-2133926998 Next time please provide the buffer content as copyable text. A screenshot is extremely cumbersome to work with. What server is this? It appears to be broken. If I parse this buffer content as an SFTP v6 SSH_FXP_ATTR packet, I cannot match it against the [draft RFC](https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-7). - 0 0 0 69 Length of following data - 105 SSH_FXP_ATTR - 0 0 0 102 Request ID. - 0 0 -1 -1 Flags. hex 0x00_00_FF_FF. Strange that all bits are set. In particular, 0x2 should not occur. - 2 File type; 2 is a directory - 0 0 0 0 0 0 16 0 File size, 0x1000 = 4096 bytes - And now things go wrong: because bit 0x400 is set in the flags, we read the next 8 bytes as "allocation size", but its not present. Instead the buffer continues with - 0 0 0 11 Length of the string following (11 bytes, apparently owner name) - 105 116 101 115 99 111 95 114 111 111 116 = "itesco_root" - 0 0 0 8 String length - 102 116 112 103 114 111 117 112 = "ftpgroup" - ... Because we read an allocation size (due to the wrong flags), we skip 8 bytes and end up reading some of the characters (bytes 99 111 95 114, hex 0x63_6F_5F_72) as a string length, and then the exception occurs. What server is this? It is broken; it sends invalid flags. We cannot do anything about this in the client side. File a bug report against that server, and try to avoid using SFTP v6 for that server: force SFTP v3. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] BufferException: Underflow error [mina-sshd]
nimantha-lakshan commented on issue #509: URL: https://github.com/apache/mina-sshd/issues/509#issuecomment-2133819934 SFTP protocol version: 6 ![Screenshot 2024-05-27 at 18 38 36](https://github.com/apache/mina-sshd/assets/45001527/5eb91283-0d85-4eee-9641-8b63a7fb067a) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] BufferException: Underflow error [mina-sshd]
tomaswolf commented on issue #509: URL: https://github.com/apache/mina-sshd/issues/509#issuecomment-2133722091 Which servers? Which SFTP protocol version? Use debug or trace logging to capture the content of the response to the STAT request, then provide the log. (Or run the client with a debug breakpoint in `AbstractSftpClient.readAttributes()` and post the buffer contents as shown in the debugger.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[I] BufferException: Underflow error [mina-sshd]
nimantha-lakshan opened a new issue, #509: URL: https://github.com/apache/mina-sshd/issues/509 ### Version 2.12.1 ### Bug description ```java Caused by: org.apache.sshd.common.util.buffer.BufferException: Underflow: requested=1668243314, available=39 at org.apache.sshd.common.util.buffer.Buffer.ensureAvailable(Buffer.java:661) ~[sshd-common-2.12.1.jar:2.12.1] at org.apache.sshd.common.util.buffer.ByteArrayBuffer.getString(ByteArrayBuffer.java:241) ~[sshd-common-2.12.1.jar:2.12.1] at org.apache.sshd.common.util.buffer.Buffer.getString(Buffer.java:332) ~[sshd-common-2.12.1.jar:2.12.1] at org.apache.sshd.sftp.client.impl.AbstractSftpClient.readAttributes(AbstractSftpClient.java:439) ~[sshd-sftp-2.12.1.jar:2.12.1] at org.apache.sshd.sftp.client.impl.AbstractSftpClient.checkAttributesResponse(AbstractSftpClient.java:331) ~[sshd-sftp-2.12.1.jar:2.12.1] at org.apache.sshd.sftp.client.impl.AbstractSftpClient.checkAttributes(AbstractSftpClient.java:325) ~[sshd-sftp-2.12.1.jar:2.12.1] at org.apache.sshd.sftp.client.impl.AbstractSftpClient.stat(AbstractSftpClient.java:990) ~[sshd-sftp-2.12.1.jar:2.12.1] at org.apache.sshd.sftp.client.fs.SftpClientDirectoryScanner.scan(SftpClientDirectoryScanner.java:125) ~[sshd-sftp-2.12.1.jar:2.12.1] at org.apache.sshd.sftp.client.fs.SftpClientDirectoryScanner.scan(SftpClientDirectoryScanner.java:115) ~[sshd-sftp-2.12.1.jar:2.12.1] ``` code example: ```java private void process(String host, int port, String username, String password, String homePath) throws IOException { try (SshClient sshClient = SshClient.setUpDefaultClient()) { sshClient.setServerKeyVerifier(AcceptAllServerKeyVerifier.INSTANCE); sshClient.setHostConfigEntryResolver(HostConfigEntryResolver.EMPTY); sshClient.setKeyIdentityProvider(KeyIdentityProvider.EMPTY_KEYS_PROVIDER); sshClient.start(); // Connect to the SFTP server try (ClientSession session = sshClient.connect(username, host, port).verify(Duration.ofSeconds(30)).getSession()) { session.addPasswordIdentity(password); log.info("Connected to {}:{}. Authenticating...", host, port); var verify = session.auth().verify(Duration.ofSeconds(30)); log.info("Authentication {}", verify.isSuccess() ? "success" : "failure"); try (SftpClient sftpClient = SftpClientFactory.instance().createSftpClient(session)) { var directoryScanner = new SftpClientDirectoryScanner(homePath, "*.csv"); directoryScanner.setCaseSensitive(false); var scan = directoryScanner.scan(sftpClient); // throws error from here } } } } ``` ### Actual behavior SFTP client not working as expected. I'm receiving this error `org.apache.sshd.common.util.buffer.BufferException: Underflow: requested=1668243314, available=39` This happens only with some SFTP servers. ### Expected behavior To resolve this issue ### Relevant log output _No response_ ### Other information _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Can port forwarding be maintained? Currently, it is closed immediately after forwarding. [mina-sshd]
hengboy closed issue #508: Can port forwarding be maintained? Currently, it is closed immediately after forwarding. URL: https://github.com/apache/mina-sshd/issues/508 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Can port forwarding be maintained? Currently, it is closed immediately after forwarding. [mina-sshd]
hengboy commented on issue #508: URL: https://github.com/apache/mina-sshd/issues/508#issuecomment-2132941454 @tomaswolf Thank you very much, the problem is solved -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Can port forwarding be maintained? Currently, it is closed immediately after forwarding. [mina-sshd]
hengboy commented on issue #508: URL: https://github.com/apache/mina-sshd/issues/508#issuecomment-2132926938 @tomaswolf ClientSession#close method not called -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Can port forwarding be maintained? Currently, it is closed immediately after forwarding. [mina-sshd]
tomaswolf commented on issue #508: URL: https://github.com/apache/mina-sshd/issues/508#issuecomment-2132825956 You close the SshClient, which closes the session. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[I] Can port forwarding be maintained? Currently, it is closed immediately after forwarding. [mina-sshd]
hengboy opened a new issue, #508: URL: https://github.com/apache/mina-sshd/issues/508 ### Version 2.12.2 ### Bug description ```java try (SshClient client = SshClient.setUpDefaultClient()) { client.start(); clientSession = client.connect(config.getUsername(), config.getServerIp(), config.getSshPort()).verify().getSession(); boolean result = clientSession.auth().verify().await(); if (!result) { throw new AgentException("Remote server ssh login failed."); } else { log.info("Connection to the remote server [{}] is successful.", config.getServerIp()); // Local and remote port number binding forwarding this.portForwardingTracker = clientSession.createLocalPortForwardingTracker(new SshdSocketAddress(FORWARD_LOCAL_IP, config.getLocalPort()), new SshdSocketAddress(config.getForwardTargetIp(), config.getForwardTargetPort())); log.info("Port forwarding binding is completed, local port : {}, forward IP: {}, forward port : {}", config.getLocalPort(), config.getForwardTargetIp(), config.getForwardTargetPort()); } } catch (Exception e) { throw new AgentException("Remote server port number forwarding failed.", e); } ``` ### Actual behavior sshd logs ``` May 27 06:37:35 node1 sshd[1367281]: Accepted publickey for root from xxx.xxx.xx port 51881 ssh2: ED25519 SHA256:k0velrxirD8HY9rq/GMBqoBI.. May 27 06:37:35 node1 sshd[1367281]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0) May 27 06:37:35 node1 systemd-logind[743]: New session 244 of user root. May 27 06:37:35 node1 sshd[1367281]: pam_unix(sshd:session): session closed for user root May 27 06:37:35 node1 systemd-logind[743]: Session 244 logged out. Waiting for processes to exit. May 27 06:37:35 node1 systemd-logind[743]: Removed session 244. ``` ### Expected behavior If the close method is not executed, the forwarding will continue. ### Relevant log output _No response_ ### Other information _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[PR] GH-461: Fix heartbeats with wantReply=true [mina-sshd]
tomaswolf opened a new pull request, #507: URL: https://github.com/apache/mina-sshd/pull/507 Switch from a timeout model to the OpenSSH model: fail if there are more than a certain number of heartbeats for which no reply was received yet. Fixes #461. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] SFTP client does not work after it just worked [mina-sshd]
tomaswolf commented on issue #506: URL: https://github.com/apache/mina-sshd/issues/506#issuecomment-2128703009 We're not here to debug your code. Debug your `namespace.data.transfer.SFTPDataTransferService` in isolation. Perhaps the wrong key is used. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] SFTP client does not work after it just worked [mina-sshd]
tomaswolf closed issue #506: SFTP client does not work after it just worked URL: https://github.com/apache/mina-sshd/issues/506 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[I] SFTP client does not work after it just worked [mina-sshd]
liugongjian opened a new issue, #506: URL: https://github.com/apache/mina-sshd/issues/506 ### Version 2.12.1 ### Bug description Those code below is my demo code. It works fine on local enviroment. But it does not work after deployed to remote server. The log output is shown below. But oddly, after restart the server, it works with no exceptions. And a period later(ussally after when another user logged in and try to upload file to sftp with this), it does not work with error log outputted again. Enviroment: jdk 1.8 resin 4.0.66 Ubuntu 24.04 LTS ``` public void connect() throws IOException { //Security.removeProvider("BC"); SshClient client = SshClient.setUpDefaultClient(); FileKeyPairProvider keyPairProvider = new FileKeyPairProvider(Paths.get(privateKeyPath)); client.setKeyIdentityProvider(keyPairProvider); client.start(); System.out.println("add key to session only with try"); ClientSession session = client.connect(login,server,port).verify().getSession(); session.auth().verify(); //session.setKeyIdentityProvider(keyPairProvider); this.session = session; this.client = client; } public void uploadFile(String sourceFile, String destinationFile) throws IOException { try { SftpClient sftpClient = SftpClientFactory.instance().createSftpClient(session); File tmpFile = new File(sourceFile); String fileName = tmpFile.getName(); String destinationFilePath = destinationFile.endsWith("/") ? destinationFile + fileName : destinationFile + "/" + fileName; SftpClient.Handle handle = sftpClient.open(destinationFilePath, EnumSet.of(SftpClient.OpenMode.Write, SftpClient.OpenMode.Create)); String fileData = new String(Files.readAllBytes(Paths.get(sourceFile)));; sftpClient.write(handle, 0, fileData.getBytes(), 0, fileData.length()); sftpClient.close(handle); sftpClient.close(); if(session.isOpen()){ session.close(true); } if(client.isOpen()){ client.close(); } } catch (IOException e) { throw e; } } ``` And after every transfer task, I disconnect as below: ``` public void disconnect() throws IOException { if (c != null) { c.disconnect(); } if (channel != null) { channel.disconnect(); } if (session != null) { session.disconnect(0,""); session.close(true); session = null; } if(client != null) { client.stop(); client.close(); client = null; } } ``` ### Actual behavior not function well ### Expected behavior function well ### Relevant log output ```Shell org.apache.sshd.common.SshException: No more authentication methods available at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:141) ~[sshd-common-2.12.1.jar:2.12.1] at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:56) ~[sshd-core-2.12.1.jar:2.12.1] at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:35) ~[sshd-core-2.12.1.jar:2.12.1] at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:43) ~[sshd-common-2.12.1.jar:2.12.1] at cx.cocca.utils.SFTPClient.connect(SFTPClient.java:133) ~[classes:?] at cx.cocca.registry.data.transfer.SFTPDataTransferService.testConnection(SFTPDataTransferService.java:31) [classes:?] at cx.cocca.registry.maintenance.EscrowFileUploader.testConnection(EscrowFileUploader.java:82) [classes:?] at cx.cocca.registry.maintenance.ZoneEscrowPartialServlet.testSFTPConnection(ZoneEscrowPartialServlet.java:562) [classes:?] at cx.cocca.registry.maintenance.ZoneEscrowPartialServlet.doPost(ZoneEscrowPartialServlet.java:123) [classes:?] at javax.servlet.http.HttpServlet.service(HttpServlet.java:159) [javaee-16.jar:?] at javax.servlet.http.HttpServlet.service(HttpServlet.java:97) [javaee-16.jar:?] at com.caucho.server.dispatch.ServletFilterChain.doFilter(ServletFilterChain.java:109) [resin.jar:4.0.66] at
Re: [I] Looking for release date for next release of mina-sshd [mina-sshd]
adelel1 commented on issue #487: URL: https://github.com/apache/mina-sshd/issues/487#issuecomment-2118045648 Hello, any update on this, either a patch release for 2.12 or a 2.13 release? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] The arcfour256 algorithm fails to be configured with a specific mac algorithm [mina-sshd]
tomaswolf commented on issue #493: URL: https://github.com/apache/mina-sshd/issues/493#issuecomment-2116249742 Thank you for your investigations. This is fixed with commit 5a78e6d. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] The arcfour256 algorithm fails to be configured with a specific mac algorithm [mina-sshd]
tomaswolf closed issue #493: The arcfour256 algorithm fails to be configured with a specific mac algorithm URL: https://github.com/apache/mina-sshd/issues/493 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] SessionHelper#signalNegotiationEnd should pass reason through to listener [mina-sshd]
tomaswolf closed issue #504: SessionHelper#signalNegotiationEnd should pass reason through to listener URL: https://github.com/apache/mina-sshd/issues/504 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] issue-504 Pass reason to sessionNegotiationEnd [mina-sshd]
tomaswolf commented on PR #505: URL: https://github.com/apache/mina-sshd/pull/505#issuecomment-2116150530 Thank you! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] issue-504 Pass reason to sessionNegotiationEnd [mina-sshd]
tomaswolf merged PR #505: URL: https://github.com/apache/mina-sshd/pull/505 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] The arcfour256 algorithm fails to be configured with a specific mac algorithm [mina-sshd]
tomaswolf commented on issue #493: URL: https://github.com/apache/mina-sshd/issues/493#issuecomment-2116149268 OK, thank you. Essentially: arcfour256 works only with the `hmac-*-etm` MACs. This is a bug; it's caused by wrong block sizes being set. Yes, arcfour128 and arcfour256 are stream ciphers, but a block size must be set anyway because SSH RFC 4253 insists that > Note that the length of the concatenation of 'packet_length', 'padding_length', 'payload', and 'random padding' MUST be a multiple of the cipher block size or 8, whichever is larger. This constraint MUST be enforced, even when using stream ciphers. [RFC 4253, section 6](https://datatracker.ietf.org/doc/html/rfc4253#page-7) So for arcfour128 and arcfour256, the "blocksize" must be 8. Unfortunately, this is wrong at https://github.com/apache/mina-sshd/blob/71b842f759f9879d7638bed175e5be006d9c0f46/sshd-common/src/main/java/org/apache/sshd/common/cipher/BuiltinCiphers.java#L118 and at https://github.com/apache/mina-sshd/blob/71b842f759f9879d7638bed175e5be006d9c0f46/sshd-common/src/main/java/org/apache/sshd/common/cipher/BuiltinCiphers.java#L129 The last parameter must not be 16 or 32 but 8. arcfour128 works by chance, arcfour256 will fail for small packets. I'll push a fix soon. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Perfomance file transfer [mina-sshd]
tomaswolf commented on issue #485: URL: https://github.com/apache/mina-sshd/issues/485#issuecomment-2115924971 So far I have not enough information to do anything. I have run my own speed tests, and I see no performance problem. Before I can do anything I need to be able to reproduce the problem that you observe. I would need detailed information about your setup: your client-side code, your test setup, what authentication mechanisms and ciphers are used, what's the size of the files, what Java version do you use, what hardware is your client running on, what server are you testing against and on what hardware or virtual machine or container is it running, what is the network latency, what buffer sizes are used, which of the I/O back-ends in Apache MINA SSHD are you using (NIO2, MINA, Netty?), and what is that "jsched" client that you keep mentioning? I have never heard of that. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[PR] issue-504 Pass reason to sessionNegotiationEnd [mina-sshd]
duco-lw opened a new pull request, #505: URL: https://github.com/apache/mina-sshd/pull/505 Addresses #504. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Perfomance file transfer [mina-sshd]
benz-ppi commented on issue #485: URL: https://github.com/apache/mina-sshd/issues/485#issuecomment-2115654272 Even with the changes you have suggested, transferring files with the SFTP Apache client software is significantly slower (> factor 3) than transferring files with jsched or winscp. Do you intend to improve the performance of the SFTP Apache client software? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] SessionHelper#signalNegotiationEnd should pass reason through to listener [mina-sshd]
tomaswolf commented on issue #504: URL: https://github.com/apache/mina-sshd/issues/504#issuecomment-2115324310 Thanks for pointing this out. > Would ... break anything? No, it would not. Feel free to provide a PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[I] SessionHelper#signalNegotiationEnd should pass reason through to listener [mina-sshd]
duco-lw opened a new issue, #504: URL: https://github.com/apache/mina-sshd/issues/504 https://github.com/apache/mina-sshd/blob/71b842f759f9879d7638bed175e5be006d9c0f46/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/SessionHelper.java#L1149 The `reason` is not passed through to the listener: ``` protected void signalNegotiationEnd( SessionListener listener, Map c2sOptions, Map s2cOptions, Map negotiatedGuess, Throwable reason) { if (listener == null) { return; } listener.sessionNegotiationEnd(this, c2sOptions, s2cOptions, negotiatedGuess, null); } ``` The doc for this says the negotiation is successful if this is null: ``` /** * Signals the end of the negotiation options handling * * @param session The referenced {@link Session} * @param clientProposalThe client proposal options (un-modifiable) * @param serverProposalThe server proposal options (un-modifiable) * @param negotiatedOptions The successfully negotiated options so far - even if exception occurred (un-modifiable) * @param reasonNegotiation end reason - {@code null} if successful */ default void sessionNegotiationEnd( Session session, Map clientProposal, Map serverProposal, Map negotiatedOptions, Throwable reason) { // ignored } ``` https://github.com/apache/mina-sshd/blob/71b842f759f9879d7638bed175e5be006d9c0f46/sshd-core/src/main/java/org/apache/sshd/common/session/SessionListener.java#L151 This looks like this will always be "successful", even in the error case? ``` } catch (IOException | RuntimeException | Error e) { signalNegotiationEnd(c2sOptions, s2cOptions, negotiatedGuess, e); throw e; } ``` https://github.com/apache/mina-sshd/blob/71b842f759f9879d7638bed175e5be006d9c0f46/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java#L2259 Would changing the line from ``` listener.sessionNegotiationEnd(this, c2sOptions, s2cOptions, negotiatedGuess, null); ``` to ``` listener.sessionNegotiationEnd(this, c2sOptions, s2cOptions, negotiatedGuess, reason); ``` break anything? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] incorrect classloading of SecurityProviders [mina-sshd]
jtnord commented on issue #502: URL: https://github.com/apache/mina-sshd/issues/502#issuecomment-2112254784 (of note BouncyCastle also supports ED25519 curves as does JDK > 15) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[I] incorrect classloading of SecurityProviders [mina-sshd]
jtnord opened a new issue, #502: URL: https://github.com/apache/mina-sshd/issues/502 ### Version 2.12.1 ### Bug description The mina plugin attempts work out if EdDSA is supported using a different classloader than it actually uses for using `EdDSASecurityProviderUtils` leading to `ClassNotFoundExceptions` ### Actual behavior `NoClassDefError` ``` Caused by: java.lang.NoClassDefFoundError: net/i2p/crypto/eddsa/spec/EdDSAParameterSpec at org.apache.sshd.common.util.security.SecurityUtils.getEDDSAPublicKeyEntryDecoder(SecurityUtils.java:580) at org.apache.sshd.common.config.keys.KeyUtils.(KeyUtils.java:187) at org.apache.sshd.common.config.keys.loader.openssh.OpenSSHRSAPrivateKeyDecoder. ``` ### Expected behavior No classloading issues. the code uses the same classloader to load EdDSA as it uses to see if EdDSA is supported. ### Relevant log output ```Shell if you have a non flat classloader (e.g. Jenkins, or any modular app server) then the code has a non reflective way of determining if something is supported or not. e.g. https://github.com/apache/mina-sshd/blob/sshd-2.12.1/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java#L575-L581 we see a call to `isEDDSACurveSupported` before we attempt to use a staic method from the class `EdDSASecurityProviderUtils` However https://github.com/apache/mina-sshd/blob/sshd-2.12.1/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java#L566-L571 looks for the presence of a security provider called "EdDSA" which in no way reflects if the classes are available or not. If the "EdDSA" provider was statically registered in the bootclasspath this would work, however it is generally registered by [`EdDSASecurityProviderRegistrar`](https://github.com/apache/mina-sshd/blob/sshd-2.12.1/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/EdDSASecurityProviderRegistrar.java) As can be seen here https://github.com/apache/mina-sshd/blob/sshd-2.12.1/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/EdDSASecurityProviderRegistrar.java#L88-L101 this uses `ThreadUtils.resolveDefaultClass` to see if the class is available which adds a the Threads contextClassLoader into the mix to see if the class is there. If the class is available in the `contextClassloader` but not the current classload, then it would load as the Provider is created (eventually) [here](https://github.com/apache/mina-sshd/blob/sshd-2.12.1/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityProviderChoice.java#L125-L128) which uses reflection and in the case of this issue the Threads contextClassLoader. The created provider is then registered in the JVM. This provider is then used as the gate for "are the EdDSA classes available" for the regular (current) classloader, which in this case they are not which causes a :boom: whilst it is generally safe to create and Provider dynamically like this, the code that uses the classes from the provider as opposed to the provider itself should take a different approach. Either they also need to be loaded by reflection (yikes), or the check to see if they are available should not use the provider, but should check the actual class is present in the **current** classloader (ie ignore the context classloader). Or providers should not be dynamically registered from a context classloader. ``` ### Other information _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] I used the arcfour256 algorithm to connect to the sshserver of mina-sshd and encountered an exception [mina-sshd]
czldb2 commented on issue #493: URL: https://github.com/apache/mina-sshd/issues/493#issuecomment-2111928811 > No idea. I just tested arcfour128 and arcfour256 against an OpenSSH 7.4 server in CentOS 7.9 (2009), and an Apache MINA SSHD 2.13.0-SNAPSHOT client works just fine. Maybe try the latest release 2.12.1, or the 2.13.0-SNAPSHOT available from the Apache snapshot repositories. I found that when using arcfour256 algorithm, if the mac algorithm uses hmac-sha1-...@openssh.com, The hmac-sha2-256-...@openssh.com or hmac-sha2-512-...@openssh.com algorithm will work, but any other mac algorithm will fail. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] heartbeat timeout of a session will cause the links of other sessions to be disconnected [mina-sshd]
tomaswolf commented on issue #461: URL: https://github.com/apache/mina-sshd/issues/461#issuecomment-2106274419 Sorry for the long message, but when I looked at this it took me surprisingly long to find my way through the code. I must say I find the implementation of heartbeats _very_ confusing. **TL;DR**: An immediate work-around for the reporter (@d9e7381f ) might be to set `CoreModuleProperties.HEARTBEAT_REPLY_WAIT` to zero. But we should change the implementation, too. **Long version**: First, Apache MINA SSHD resets the session idle timeout whenever a message is received or _is written_. So even sending a heartbeat with `wantReply == false` will reset the idle timeout. So `wantReply == true` makes sense only if one wants to implement the OpenSSH behaviour of `ClientAliveCountMax` or `ServerAliveCountMax`: terminate the connection once that many heartbeats did _not_ get a reply (yet). But for that one doesn't have to wait synchronously for the reply; we have [asynchronous global requests](https://github.com/apache/mina-sshd/blob/master/docs/technical/global_requests.md#api) since version 2.9.0. Second, _heartbeats are implemented twice_: once in `AbstractConnectionService` and then again in `ClientConnectionService`, and _there are two sets of configuration properties_. The server side gets the behaviour of `AbstractConnectionService`. `AbstractConnectionService` is configured with properties `CommonModuleProperties.SESSION_HEARTBEAT_TYPE` (default "NONE", i.e., off) and `CommonModuleProperties.SESSION_HEARTBEAT_INTERVAL` (default 0, i.e. disabled). To enable, one needs to set an interval > 0, and type "IGNORE" or "RESERVED". If the heartbeat type is "IGNORE", it'll send a fire-and-forget SSH_MSG_IGNORE. If the heartbeat type is "RESERVED", it'll invoke a user handler that is supposed to send the heartbeat, and it might choose to do so with a global or channel request with `want-reply == true`. Heartbeats in `ClientConnectionService` have additional configuration properties `CoreModuleProperties.HEARTBEAT_INTERVAL` (default zero, i.e. off), `CoreModuleProperties.HEARTBEAT_REQUEST` (default "keepal...@sshd.apache.org"), and `CoreModuleProperties.HEARTBEAT_REPLY_WAIT` (default **5 minutes**). To enable this kind of heartbeat, set an interval > 0. It'll send a SSH_MSG_GLOBAL_REQUEST for "keepal...@sshd.apache.org", and because HEARTBEAT_REPLY_WAIT > 0, will send it with `wantReply == true` and _will wait synchronously for five minutes_ for a reply to arrive. If no reply arrives in time, kill the SSH session. (If HEARTBEAT_REQUEST_WAIT is <= 0, the request will be sent with `wantReply == false`, i.e., fire-and-forget.) And to complicate matters: if this "global request heartbeat" is off (HEARTBEAT_INTERVAL <= 0), the above behavior from `AbstractConnectionService` kicks in (which is by default disabled). Plus there's an additional quirk: `AbstractConnectionService` does not send heartbeats when a key exchange is ongoing. That was done for [SSHD-1059](https://issues.apache.org/jira/browse/SSHD-1059), and since the "strict KEX" extension ("Terrapin" mitigation) it's crucial because there must not be any SSH_MSG_IGNORE messges during the initial key exchange. The mechanism in `ClientConnectionService` has no such provision, but a SSH_MSG_GLOBAL_REQUEST message will be delayed anyway until an ongoing key exchange is over. This is a mess. There should be only one set of properties governing heartbeats. The two separate mechanisms seem to have existed for a long time, and changing that now would be an API break. The 5 minutes default value comes from commit 14bbd54a5, which was about [SSHD-1020](https://issues.apache.org/jira/browse/SSHD-1020). Reading that discussion the issue seems to have been a low-level network I/O read timeout (NIO2_READ_TIMEOUT) of ~10 min, and HEARTBEAT_REPLY_WAIT = 0. So even though the client sent keep-alives every 90 sec, and the SSH idle timeout got reset, the session got killed because nothing was received for 10min because the server never sent any reply to these heartbeats because none was asked for. The solution was to set NIO2_READ_TIMEOUT = 0 (no timeout for low-level I/O reads) and that huge HEARTBEAT_REPLY_WAIT. An immediate work-around for the reporter might be to set `CoreModuleProperties.HEARTBEAT_REPLY_WAIT` to zero. That should work if there is no low-level read timeout (NIO2_READ_TIMEOUT = 0). But we should re-think this mechanism anyway. I propose to change this to follow the path taken by OpenSSH: * Ignore `CoreModuleProperties.HEARTBEAT_REPLY_WAIT` (and deprecate it now). * Introduce a `CoreModuleProperties.HEARTBEAT_NO_REPLY_MAX`: an integer, as in OpenSSH's `ServerAliveCountMax`. I.e., maximum number of heartbeats to send without having gotten a reply. If
Re: [PR] DIRMINA-1173 [mina]
elecharny commented on code in PR #44: URL: https://github.com/apache/mina/pull/44#discussion_r1597523524 ## mina-core/src/main/java/org/apache/mina/transport/socket/DefaultSocketSessionConfig.java: ## @@ -37,7 +37,7 @@ public class DefaultSocketSessionConfig extends AbstractSocketSessionConfig { private static final int DEFAULT_SO_LINGER = -1; -private static final boolean DEFAULT_TCP_NO_DELAY = false; +private static final boolean DEFAULT_TCP_NO_DELAY = true; // Disable Nagle algorithm by default Review Comment: I missed the MSS part. Ok, so makes sense to keep the parameter as is, but I do agree that *not* setting a default at all would be a better option. At least, you let the developer makes a choice depending on what they actually measure. Thanks Jon! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] DIRMINA-1173 [mina]
jon-valliere commented on code in PR #44: URL: https://github.com/apache/mina/pull/44#discussion_r1597516034 ## mina-core/src/main/java/org/apache/mina/transport/socket/DefaultSocketSessionConfig.java: ## @@ -37,7 +37,7 @@ public class DefaultSocketSessionConfig extends AbstractSocketSessionConfig { private static final int DEFAULT_SO_LINGER = -1; -private static final boolean DEFAULT_TCP_NO_DELAY = false; +private static final boolean DEFAULT_TCP_NO_DELAY = true; // Disable Nagle algorithm by default Review Comment: See https://en.wikipedia.org/wiki/Nagle%27s_algorithm Nagle only really applies for when the packets are smaller than the MSS which is usually 1280 bytes. AFAIK only the HELLO message in TLS HS is smaller than this; all other messages SHOULD be aggregated together by the SSL layer. There IS a _well known_ interaction with Nagle and Delayed Ack which can cause Nagle to be worse than it would be by itself. What is the order of delays you are seeing? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] DIRMINA-1173 [mina]
jon-valliere commented on code in PR #44: URL: https://github.com/apache/mina/pull/44#discussion_r1597513918 ## mina-core/src/main/java/org/apache/mina/transport/socket/DefaultSocketSessionConfig.java: ## @@ -37,7 +37,7 @@ public class DefaultSocketSessionConfig extends AbstractSocketSessionConfig { private static final int DEFAULT_SO_LINGER = -1; -private static final boolean DEFAULT_TCP_NO_DELAY = false; +private static final boolean DEFAULT_TCP_NO_DELAY = true; // Disable Nagle algorithm by default Review Comment: In my other IO framework, all of the TCP/SOCK options all have `unset` states where the framework code will not call the SOCK configuration at all and allow the OS defaults to be applied. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] DIRMINA-1173 [mina]
elecharny commented on code in PR #44: URL: https://github.com/apache/mina/pull/44#discussion_r1597513323 ## mina-core/src/main/java/org/apache/mina/transport/socket/DefaultSocketSessionConfig.java: ## @@ -37,7 +37,7 @@ public class DefaultSocketSessionConfig extends AbstractSocketSessionConfig { private static final int DEFAULT_SO_LINGER = -1; -private static final boolean DEFAULT_TCP_NO_DELAY = false; +private static final boolean DEFAULT_TCP_NO_DELAY = true; // Disable Nagle algorithm by default Review Comment: Not arguing here, I will revert but... I do think that this flag should be opt-in, ie the Nagle algorithm should be disabled by default. The use cases were it's useful are not really the most frequent, and the drawbacks are numerous. If the default sendBuffer size is set to 64Ko, then you have a delayed for every packet that has a lower number of bytes to transfert. if you set the sendBuffer size to a lower value, then you are sending way more packet than needed. In any case, if you are to send some data that span on more than one packet, and the last packet is not completed, then you'll pay a 200ms delay every time. Not very cool. With Gigabits connections, sending a lot of packets is not really an issue anymore, except on heavily loaded applications that aren't interactive (HTTP may enter into this category, but with REST application, I would argue that an immediate sending is a plus). Regarding LDAP, requests are small there is no interest in differing the packet sendings, so yes, I'm likely to deactivate the Nagle Algorithm. Seems like on Linux they have added the TCP_CORK parameter to let the sender decide when to send the data, bypassing the Nagle's algorithm completely, and also solving the context switching pb at the same time (somehow it's a way to say "you're responsability, not teh OS one", and I tend to agree). Sadly, this is not portable, so currently it's not an option. Last, not least, for TLS HS, Nagle's Algorithm is delaying the whole negociation, which is a real PITA... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Memory Leak When SftpFileSystemProvider newInputStream get a Exception [mina-sshd]
tomaswolf closed issue #500: Memory Leak When SftpFileSystemProvider newInputStream get a Exception URL: https://github.com/apache/mina-sshd/issues/500 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] GH-500: SftpFileSystemProvider: close SftpClient on exception [mina-sshd]
tomaswolf merged PR #501: URL: https://github.com/apache/mina-sshd/pull/501 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] DIRMINA-1173 [mina]
jon-valliere commented on code in PR #44: URL: https://github.com/apache/mina/pull/44#discussion_r1597475482 ## mina-core/src/main/java/org/apache/mina/transport/socket/DefaultSocketSessionConfig.java: ## @@ -37,7 +37,7 @@ public class DefaultSocketSessionConfig extends AbstractSocketSessionConfig { private static final int DEFAULT_SO_LINGER = -1; -private static final boolean DEFAULT_TCP_NO_DELAY = false; +private static final boolean DEFAULT_TCP_NO_DELAY = true; // Disable Nagle algorithm by default Review Comment: Disabling Nagle by default may create context switching performance hits in certain applications. Any situation where you may invoke more than one write in sequence, receives performance boosts from the way the IO scheduler works in TCP because it can produce MORE packets in a single go and does not have to be woken up as often. The OS itself does not disable Nagle by default and I do not think we should make this decision for the end user. As long as they can configure it, I think the default should be `unset` (to allow the OS default to apply). If other applications, built on MINA, want to configure a new default then it is up to them. For SSHD or Apache Directory, if you want to disable Nagle there, that is fine. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] DIRMINA-1173 [mina]
elecharny commented on code in PR #44: URL: https://github.com/apache/mina/pull/44#discussion_r1597473106 ## mina-core/src/main/java/org/apache/mina/transport/socket/DefaultSocketSessionConfig.java: ## @@ -37,7 +37,7 @@ public class DefaultSocketSessionConfig extends AbstractSocketSessionConfig { private static final int DEFAULT_SO_LINGER = -1; -private static final boolean DEFAULT_TCP_NO_DELAY = false; +private static final boolean DEFAULT_TCP_NO_DELAY = true; // Disable Nagle algorithm by default Review Comment: Hi @jon-valliere, just read this blog post: https://brooker.co.za/blog/2024/05/09/nagle.html Somehow, Nagle's algorithm is a thing of the past (ie when we were dealing with terminals over slow connections). In MINA's context, and if we except SSHD, I do think that the default to disable Nagle's algorithm actually makes sense. Most of MINA based application don't deal with char by char communication, rather with quite big chunks of data, so there is little need to wait for an ACK from the server. Anyway, this is configurable, so I guess it should not be a big deal. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[PR] GH-500: SftpFileSystemProvider: close SftpClient on exception [mina-sshd]
tomaswolf opened a new pull request, #501: URL: https://github.com/apache/mina-sshd/pull/501 If client.read() or client.write() throw an exception, the client must be closed. Fixes #500. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] DIRMINA-1173 [mina]
jon-valliere commented on code in PR #44: URL: https://github.com/apache/mina/pull/44#discussion_r1597451055 ## mina-core/src/main/java/org/apache/mina/transport/socket/DefaultSocketSessionConfig.java: ## @@ -37,7 +37,7 @@ public class DefaultSocketSessionConfig extends AbstractSocketSessionConfig { private static final int DEFAULT_SO_LINGER = -1; -private static final boolean DEFAULT_TCP_NO_DELAY = false; +private static final boolean DEFAULT_TCP_NO_DELAY = true; // Disable Nagle algorithm by default Review Comment: Hey @elecharny I'm not sure this is a good idea. If we want todo this also, I think it should be as part of a separate PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] DIRMINA-1173 [mina]
jon-valliere commented on code in PR #44: URL: https://github.com/apache/mina/pull/44#discussion_r1597451055 ## mina-core/src/main/java/org/apache/mina/transport/socket/DefaultSocketSessionConfig.java: ## @@ -37,7 +37,7 @@ public class DefaultSocketSessionConfig extends AbstractSocketSessionConfig { private static final int DEFAULT_SO_LINGER = -1; -private static final boolean DEFAULT_TCP_NO_DELAY = false; +private static final boolean DEFAULT_TCP_NO_DELAY = true; // Disable Nagle algorithm by default Review Comment: Hey @elecharny I'm not sure this is a good idea -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [PR] Implement the "sntrup761x25519-sha...@openssh.com" KEX method [mina-sshd]
tomaswolf merged PR #498: URL: https://github.com/apache/mina-sshd/pull/498 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] OsUtils#isAndroid() returns false on WearOS [mina-sshd]
tomaswolf commented on issue #499: URL: https://github.com/apache/mina-sshd/issues/499#issuecomment-2105658175 I think this was fixed in #476. Please try the 2.13.0-SNAPSHOT version available from the [Apache Snapshot](https://repository.apache.org/content/repositories/snapshots) maven repository. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[I] Memory Leak When SftpFileSystemProvider newInputStream get a Exception [mina-sshd]
detective0922 opened a new issue, #500: URL: https://github.com/apache/mina-sshd/issues/500 ### Version V2.8.0 ### Bug description I checked the https://github.com/apache/mina-sshd/issues/294 and merge the fix code to V2.8.0 That fixed the old issue, but there is still a issue here. If a exception happen in FilterInputStream init, for example, a "No such file" exception happen in init of FilterInputStream `return new FilterInputStream(client.read(p.toString(), modes)) ` then it will not call the "client.close()", so SftpClient will not close and keep increasing, finally lead to a OOM 2024-05-11 12:00:02,311 INFO [LoggerStream] - SFTP error (SSH_FX_NO_SUCH_FILE): No such file 2024-05-11 12:00:02,311 INFO [LoggerStream] - at org.apache.sshd.sftp.client.impl.AbstractSftpClient.throwStatusException(AbstractSftpClient.java:217) 2024-05-11 12:00:02,311 INFO [LoggerStream] - at org.apache.sshd.sftp.client.impl.AbstractSftpClient.checkAttributesResponse(AbstractSftpClient.java:306) 2024-05-11 12:00:02,311 INFO [LoggerStream] - at org.apache.sshd.sftp.client.impl.AbstractSftpClient.checkAttributes(AbstractSftpClient.java:284) 2024-05-11 12:00:02,311 INFO [LoggerStream] - at org.apache.sshd.sftp.client.impl.AbstractSftpClient.stat(AbstractSftpClient.java:1001) 2024-05-11 12:00:02,311 INFO [LoggerStream] - at org.apache.sshd.sftp.client.impl.SftpInputStreamAsync.(SftpInputStreamAsync.java:69) 2024-05-11 12:00:02,311 INFO [LoggerStream] - at org.apache.sshd.sftp.client.impl.AbstractSftpClient.read(AbstractSftpClient.java:1189) 2024-05-11 12:00:02,311 INFO [LoggerStream] - at org.apache.sshd.sftp.client.fs.SftpFileSystem$Wrapper.read(SftpFileSystem.java:491) 2024-05-11 12:00:02,311 INFO [LoggerStream] - at org.apache.sshd.sftp.client.fs.SftpFileSystem$Wrapper.read(SftpFileSystem.java:483) 2024-05-11 12:00:02,311 INFO [LoggerStream] - at org.apache.sshd.sftp.client.fs.SftpFileSystemProvider.newInputStream(SftpFileSystemProvider.java:525) 2024-05-11 12:00:02,311 INFO [LoggerStream] - at java.nio.file.Files.newInputStream(Files.java:152) ``` @Override public InputStream newInputStream(Path path, OpenOption... options) throws IOException { Collection modes = OpenMode.fromOpenOptions(Arrays.asList(options)); if (modes.isEmpty()) { modes = EnumSet.of(OpenMode.Read); } SftpPath p = toSftpPath(path); //return p.getFileSystem().getClient().read(p.toString(), modes); SftpClient client = p.getFileSystem().getClient(); return new FilterInputStream(client.read(p.toString(), modes)) { //line 525 @Override public void close() throws IOException { try { super.close(); } finally { client.close(); } } }; } ``` ### Actual behavior Memory leak happen ### Expected behavior No Memory Leak ### Relevant log output _No response_ ### Other information _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[I] OsUtils#isAndroid() returns false on WearOS [mina-sshd]
Brad1944 opened a new issue, #499: URL: https://github.com/apache/mina-sshd/issues/499 ### Version 2.12.1 ### Bug description I noticed that ExceptionUtils#peelException() returns a somewhat weird exception on my GW6 (java.lang.NoClassDefFoundError: Failed resolution of: Ljavax/management/ReflectionException), after digging into its code I found that this code got triggered when its not supposed to ```java // Android does not have these classes if (!OsUtils.isAndroid()) { if (t instanceof ReflectionException) { Throwable target = ((ReflectionException) t).getTargetException(); if (target != null) { return peelException(target); } } else if (t instanceof MBeanException) { Throwable target = ((MBeanException) t).getTargetException(); if (target != null) { return peelException(target); } } } ``` After inspecting it by debug logs, I found out that OsUtils#isAndroid() returns false when its supposed to be true ### Actual behavior It returns false ### Expected behavior It returns true? ### Relevant log output ```Shell FATAL EXCEPTION: main Process: top.apip.sftpserver, PID: 27567 java.lang.NoClassDefFoundError: Failed resolution of: Ljavax/management/ReflectionException; at org.apache.sshd.common.util.ExceptionUtils.peelException(ExceptionUtils.java:126) at org.apache.sshd.common.util.ExceptionUtils.peelException(ExceptionUtils.java:118) at org.apache.sshd.common.util.security.SecurityEntityFactory$1.getInstance(SecurityEntityFactory.java:93) at org.apache.sshd.common.util.security.SecurityUtils.getKeyAgreement(SecurityUtils.java:772) at org.apache.sshd.common.kex.MontgomeryCurve.(MontgomeryCurve.java:121) at org.apache.sshd.common.kex.MontgomeryCurve.(MontgomeryCurve.java:95) at org.apache.sshd.common.kex.BuiltinDHFactories$13.isSupported(BuiltinDHFactories.java:260) at org.apache.sshd.common.NamedFactory.lambda$setUpTransformedFactories$0(NamedFactory.java:54) at org.apache.sshd.common.NamedFactory$$ExternalSyntheticLambda0.test(D8$$SyntheticClass:0) at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:184) at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948) at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485) at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:475) at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:236) at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:517) at org.apache.sshd.common.NamedFactory.setUpTransformedFactories(NamedFactory.java:56) at org.apache.sshd.server.ServerBuilder.setUpDefaultKeyExchanges(ServerBuilder.java:178) at org.apache.sshd.server.ServerBuilder.fillWithDefaultValues(ServerBuilder.java:119) at org.apache.sshd.server.ServerBuilder.fillWithDefaultValues(ServerBuilder.java:58) at org.apache.sshd.common.BaseBuilder.build(BaseBuilder.java:273) at org.apache.sshd.server.ServerBuilder.build(ServerBuilder.java:151) at org.apache.sshd.server.ServerBuilder.build(ServerBuilder.java:58) at org.apache.sshd.common.BaseBuilder.build(BaseBuilder.java:297) at org.apache.sshd.server.SshServer.setUpDefaultServer(SshServer.java:442) at top.apip.sftpserver.presentation.MainActivityKt.SetupSftpServer(MainActivity.kt:135) at top.apip.sftpserver.presentation.ComposableSingletons$MainActivityKt$lambda-1$1.invoke(MainActivity.kt:67) at top.apip.sftpserver.presentation.ComposableSingletons$MainActivityKt$lambda-1$1.invoke(MainActivity.kt:66) at androidx.compose.runtime.internal.ComposableLambdaImpl.invoke(ComposableLambda.jvm.kt:108) at androidx.compose.runtime.internal.ComposableLambdaImpl.invoke(ComposableLambda.jvm.kt:35) at androidx.compose.ui.platform.ComposeView.Content(ComposeView.android.kt:428) at androidx.compose.ui.platform.AbstractComposeView$ensureCompositionCreated$1.invoke(ComposeView.android.kt:252) at androidx.compose.ui.platform.AbstractComposeView$ensureCompositionCreated$1.invoke(ComposeView.android.kt:251) at androidx.compose.runtime.internal.ComposableLambdaImpl.invoke(ComposableLambda.jvm.kt:108) at androidx.compose.runtime.internal.ComposableLambdaImpl.invoke(ComposableLambda.jvm.kt:35) at androidx.compose.runtime.CompositionLocalKt.CompositionLocalProvider(CompositionLocal.kt:228) at androidx.compose.ui.platform.CompositionLocalsKt.ProvideCommonCompositionLocals(CompositionLocals.kt:195) at
Re: [I] Support for Java 9+ modules [mina-sshd]
rich7409 commented on issue #497: URL: https://github.com/apache/mina-sshd/issues/497#issuecomment-2104406846 Thanks for the tip. Excluding core and common and using osgi instead has stopped it complaining about the modules. I'll look forward to future versions with full module support. We're a lot of releases since Java 9 first came out but it's still a struggle with the modules because quite a few third party libraries don't have them included. I'm still not sure my code is working properly when they are enforced. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Support for Java 9+ modules [mina-sshd]
rich7409 closed issue #497: Support for Java 9+ modules URL: https://github.com/apache/mina-sshd/issues/497 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Support for Java 9+ modules [mina-sshd]
tomaswolf commented on issue #497: URL: https://github.com/apache/mina-sshd/issues/497#issuecomment-2104142524 I agree this is a mess. That split into core and common was done in an awkward way that introduced split packages. Those are problematic not only with the Java module system but also in OSGi. There is the `org.apache.sshd.osgi` artifact; it avoids this split package problem by re-combining core and common into one. For OSGi that works; it might also work for Java modules. However, if you use not OSGi with package imports only but a plain "fat jar" platform, you should probably override dependencies of other bundles (for instance, of "sftp") by excluding the "core" and "common" dependencies and adding the "osgi" dependency instead. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[PR] Implement the "sntrup761x25519-sha...@openssh.com" KEX method [mina-sshd]
tomaswolf opened a new pull request, #498: URL: https://github.com/apache/mina-sshd/pull/498 This uses a post-quantum key encapsulation method (KEM) to make key exchange future-proof against quantum attacks. It is to be preferred over curve25519-sha256 "when the extra communication size and computational requirements are acceptable."[1] (curve25519-sha256 exchanged 32 bytes where sntrup761x25519-sha512 exchanges 1190 or 1071 bytes.) This KEX method changes the encoding of the key from 'mpint' to 'string'. To make the handling of the K value more uniform, change it to 'string' everywhere, and convert mpints with the high bit set explicitly by prepending a zero byte. Separate the digest from MontgomeryCurve; handle combining curves and hashes (and KEMs) in the BuiltinDHFactories instead. In the BaseBuilder, add "sntrup761x25519-sha...@openssh.com" as first (i.e., preferred) KEX algorithm. [1] https://www.ietf.org/archive/id/draft-josefsson-ntruprime-ssh-02.html -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[I] Support for Java 9+ modules [mina-sshd]
rich7409 opened a new issue, #497: URL: https://github.com/apache/mina-sshd/issues/497 ### Description Hello. I'm trying to switch over from JSch to Mina SSHD but it's playing havoc with the Java 9 module system. There are packages in both sshd-core and sshd-common, and the modules system won't play ball with that. For example: error: module spring.integration.sftp reads package org.apache.sshd.common.auth from both org.apache.sshd.core and org.apache.sshd.common Do you have plans to make a Java 9 or greater release of SSHD that has full module-info.java in each part of the system? Thanks, Richard. ### Motivation To be able to use Mina SSHD with Java9+ module path without errors. ### Alternatives considered Forking and moving the classes myself, then building with module-info.java in the source and building for Java 11. ### Additional context _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
Re: [I] Enable ssh-dss algorighthm through system variable [mina-sshd]
abhikt48 commented on issue #483: URL: https://github.com/apache/mina-sshd/issues/483#issuecomment-2101048025 Can anyone please update on this ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org