Add logs inline 11:12:34.947 [sshd-SshServer[381e93bc](port=2222)-nio2-thread-1] WARN org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider - resolveKeyPair(/Users/username/test-ec) Failed (StreamCorruptedException) to load: Invalid DER: object is not an OID: SEQUENCE java.io.StreamCorruptedException: Invalid DER: object is not an OID: SEQUENCE at org.apache.sshd.common.util.io.der.ASN1Object.asOID(ASN1Object.java:233) at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.parseCurveParameter(ECDSAPEMResourceKeyPairParser.java:267) at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.parseCurveParameter(ECDSAPEMResourceKeyPairParser.java:238) at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.decodeECPrivateKeySpec(ECDSAPEMResourceKeyPairParser.java:220) at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.decodeECPrivateKeySpec(ECDSAPEMResourceKeyPairParser.java:163) at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.parseECKeyPair(ECDSAPEMResourceKeyPairParser.java:106) at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.parseECKeyPair(ECDSAPEMResourceKeyPairParser.java:90) at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.extractKeyPairs(ECDSAPEMResourceKeyPairParser.java:82) at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.extractKeyPairs(AbstractKeyPairResourceParser.java:198) at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.extractKeyPairs(AbstractKeyPairResourceParser.java:167) at org.apache.sshd.common.config.keys.loader.pem.AbstractPEMResourceKeyPairParser.extractKeyPairs(AbstractPEMResourceKeyPairParser.java:204) at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.loadKeyPairs(AbstractKeyPairResourceParser.java:117) at 
org.apache.sshd.common.config.keys.loader.KeyPairResourceParser$2.loadKeyPairs(KeyPairResourceParser.java:166) at org.apache.sshd.common.config.keys.loader.pem.PEMResourceParserUtils$1.loadKeyPairs(PEMResourceParserUtils.java:53) at org.apache.sshd.common.config.keys.loader.KeyPairResourceParser$2.loadKeyPairs(KeyPairResourceParser.java:166) at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:157) at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:148) at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:139) at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:130) at org.apache.sshd.common.util.security.SecurityUtils.loadKeyPairIdentities(SecurityUtils.java:521) at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.doReadKeyPairs(AbstractGeneratorHostKeyProvider.java:263) at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.readKeyPairs(AbstractGeneratorHostKeyProvider.java:257) at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.loadFromFile(AbstractGeneratorHostKeyProvider.java:221) at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.resolveKeyPairs(AbstractGeneratorHostKeyProvider.java:172) at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.loadKeys(AbstractGeneratorHostKeyProvider.java:139) at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.loadKeys(AbstractGeneratorHostKeyProvider.java:60) at org.apache.sshd.common.keyprovider.KeyPairProvider.getKeyTypes(KeyPairProvider.java:139) at org.apache.sshd.server.session.AbstractServerSession.resolveAvailableSignaturesProposal(AbstractServerSession.java:384) at org.apache.sshd.common.session.helpers.AbstractSession.resolveAvailableSignaturesProposal(AbstractSession.java:2338) at 
org.apache.sshd.common.session.helpers.AbstractSession.sendKexInit(AbstractSession.java:2263) at org.apache.sshd.server.session.AbstractServerSession.readIdentification(AbstractServerSession.java:503) at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:382) at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64) at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:358) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:335) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:332) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$$Lambda$1019/0000000000000000.run(Unknown Source) at java.security.AccessController.doPrivileged(AccessController.java:678) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37) at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157) at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:555) at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276) at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297) at org.apache.sshd.common.io.nio2.Nio2Session.doReadCycle(Nio2Session.java:429) at org.apache.sshd.common.io.nio2.Nio2Session.doReadCycle(Nio2Session.java:327) at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:320) at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:316) at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:312) at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:308) at 
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:304) at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:303) at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:258) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$$Lambda$1019/0000000000000000.run(Unknown Source) at java.security.AccessController.doPrivileged(AccessController.java:678) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37) at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at sun.nio.ch.Invoker$2.run(Invoker.java:218) at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:821) 11:12:35.321 [sshd-SshServer[381e93bc](port=2222)-nio2-thread-1] INFO org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider - generateKeyPair(EC) generating host key=nistp521 11:12:35.496 [sshd-SshServer[381e93bc](port=2222)-nio2-thread-1] DEBUG org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider - resolveKeyPair(/Users/username/test-ec) generated EC key=ecdsa-sha2-nistp521-SHA256:/aXFVkjMv+l1VPeKTQHKvaEVJNpGRM9M1bx6uorECe0 11:12:35.497 [sshd-SshServer[381e93bc](port=2222)-nio2-thread-1] ERROR org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider - Overwriting key (/Users/username/test-ec) is disabled: using throwaway ecdsa-sha2-nistp521: SHA256:/aXFVkjMv+l1VPeKTQHKvaEVJNpGRM9M1bx6uorECe0
On Wed, May 12, 2021 at 11:41 AM Isaac M <isaac....@gmail.com> wrote: > I've noticed that with Bouncy Castle enabled and PEM keys being generated, > the sshd server is unable to load existing EC private keys and always > generates a throwaway key, as seen in the logs. I'm also running ssh-keyscan > to verify that a new host key is generated with each run of the server. > > The ssh server fails to load the same EC private key that was generated on > the first run of the server. > So, with Bouncy Castle enabled I always get a new server host key generated, > but I want to re-use the same PEM-formatted EC host key after restarts. Is > there a way to resolve this? > > > public class ServerTest { > public static void main(String[] args) { > SshServer sshServer = SshServer.setUpDefaultServer(); > > sshServer.setHost("0.0.0.0"); > sshServer.setPort(2222); > > sshServer.setSubsystemFactories(Collections.singletonList(new > SftpSubsystemFactory())); > sshServer.setShellFactory(new ProcessShellFactory("/bin/sh", "-i", > "-l")); > > > sshServer.setPasswordAuthenticator(AcceptAllPasswordAuthenticator.INSTANCE); > > > sshServer.setKeyPairProvider(SecurityUtils.createGeneratorHostKeyProvider(Paths.get("test-ec"))); > ((AbstractGeneratorHostKeyProvider) > sshServer.getKeyPairProvider()).setOverwriteAllowed(false); > sshServer.start(); > > // truncated the rest of the sample code > > > I've attached a log of the issue. > > Thank you, >