Add logs inline

11:12:34.947 [sshd-SshServer[381e93bc](port=2222)-nio2-thread-1] WARN org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider - resolveKeyPair(/Users/username/test-ec) Failed (StreamCorruptedException) to load: Invalid DER: object is not an OID: SEQUENCE
java.io.StreamCorruptedException: Invalid DER: object is not an OID: SEQUENCE
        at org.apache.sshd.common.util.io.der.ASN1Object.asOID(ASN1Object.java:233)
        at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.parseCurveParameter(ECDSAPEMResourceKeyPairParser.java:267)
        at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.parseCurveParameter(ECDSAPEMResourceKeyPairParser.java:238)
        at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.decodeECPrivateKeySpec(ECDSAPEMResourceKeyPairParser.java:220)
        at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.decodeECPrivateKeySpec(ECDSAPEMResourceKeyPairParser.java:163)
        at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.parseECKeyPair(ECDSAPEMResourceKeyPairParser.java:106)
        at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.parseECKeyPair(ECDSAPEMResourceKeyPairParser.java:90)
        at org.apache.sshd.common.config.keys.loader.pem.ECDSAPEMResourceKeyPairParser.extractKeyPairs(ECDSAPEMResourceKeyPairParser.java:82)
        at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.extractKeyPairs(AbstractKeyPairResourceParser.java:198)
        at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.extractKeyPairs(AbstractKeyPairResourceParser.java:167)
        at org.apache.sshd.common.config.keys.loader.pem.AbstractPEMResourceKeyPairParser.extractKeyPairs(AbstractPEMResourceKeyPairParser.java:204)
        at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.loadKeyPairs(AbstractKeyPairResourceParser.java:117)
        at org.apache.sshd.common.config.keys.loader.KeyPairResourceParser$2.loadKeyPairs(KeyPairResourceParser.java:166)
        at org.apache.sshd.common.config.keys.loader.pem.PEMResourceParserUtils$1.loadKeyPairs(PEMResourceParserUtils.java:53)
        at org.apache.sshd.common.config.keys.loader.KeyPairResourceParser$2.loadKeyPairs(KeyPairResourceParser.java:166)
        at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:157)
        at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:148)
        at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:139)
        at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:130)
        at org.apache.sshd.common.util.security.SecurityUtils.loadKeyPairIdentities(SecurityUtils.java:521)
        at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.doReadKeyPairs(AbstractGeneratorHostKeyProvider.java:263)
        at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.readKeyPairs(AbstractGeneratorHostKeyProvider.java:257)
        at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.loadFromFile(AbstractGeneratorHostKeyProvider.java:221)
        at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.resolveKeyPairs(AbstractGeneratorHostKeyProvider.java:172)
        at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.loadKeys(AbstractGeneratorHostKeyProvider.java:139)
        at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.loadKeys(AbstractGeneratorHostKeyProvider.java:60)
        at org.apache.sshd.common.keyprovider.KeyPairProvider.getKeyTypes(KeyPairProvider.java:139)
        at org.apache.sshd.server.session.AbstractServerSession.resolveAvailableSignaturesProposal(AbstractServerSession.java:384)
        at org.apache.sshd.common.session.helpers.AbstractSession.resolveAvailableSignaturesProposal(AbstractSession.java:2338)
        at org.apache.sshd.common.session.helpers.AbstractSession.sendKexInit(AbstractSession.java:2263)
        at org.apache.sshd.server.session.AbstractServerSession.readIdentification(AbstractServerSession.java:503)
        at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:382)
        at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
        at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:358)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:335)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:332)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$$Lambda$1019/0000000000000000.run(Unknown Source)
        at java.security.AccessController.doPrivileged(AccessController.java:678)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
        at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)
        at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:555)
        at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)
        at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)
        at org.apache.sshd.common.io.nio2.Nio2Session.doReadCycle(Nio2Session.java:429)
        at org.apache.sshd.common.io.nio2.Nio2Session.doReadCycle(Nio2Session.java:327)
        at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:320)
        at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:316)
        at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:312)
        at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:308)
        at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:304)
        at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:303)
        at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:258)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$$Lambda$1019/0000000000000000.run(Unknown Source)
        at java.security.AccessController.doPrivileged(AccessController.java:678)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
        at sun.nio.ch.Invoker$2.run(Invoker.java:218)
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:821)
11:12:35.321 [sshd-SshServer[381e93bc](port=2222)-nio2-thread-1] INFO org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider - generateKeyPair(EC) generating host key=nistp521
11:12:35.496 [sshd-SshServer[381e93bc](port=2222)-nio2-thread-1] DEBUG org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider - resolveKeyPair(/Users/username/test-ec) generated EC key=ecdsa-sha2-nistp521-SHA256:/aXFVkjMv+l1VPeKTQHKvaEVJNpGRM9M1bx6uorECe0
11:12:35.497 [sshd-SshServer[381e93bc](port=2222)-nio2-thread-1] ERROR org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider - Overwriting key (/Users/username/test-ec) is disabled: using throwaway ecdsa-sha2-nistp521: SHA256:/aXFVkjMv+l1VPeKTQHKvaEVJNpGRM9M1bx6uorECe0

On Wed, May 12, 2021 at 11:41 AM Isaac M <isaac....@gmail.com> wrote:

> I've noticed that with bouncy castle enabled and PEM keys being generated,
> the sshd server is unable to load existing EC private keys and always
> generates a throwaway key as seen in the logs. I'm also running ssh-keyscan
> to verify that a new host key is generated with each run of the server.
>
> The ssh server fails to load the same EC private key that was generated on
> the first run of the server.
> So, with bouncycastle enabled I always get a new server host key generated
> but I want to re-use the same PEM formatted EC host key after restarts. Is
> there a way to resolve this?
>
>
> public class ServerTest {
>     public static void main(String[] args) {
>         SshServer sshServer = SshServer.setUpDefaultServer();
>
>         sshServer.setHost("0.0.0.0");
>         sshServer.setPort(2222);
>
>         sshServer.setSubsystemFactories(Collections.singletonList(new SftpSubsystemFactory()));
>         sshServer.setShellFactory(new ProcessShellFactory("/bin/sh", "-i", "-l"));
>
>         sshServer.setPasswordAuthenticator(AcceptAllPasswordAuthenticator.INSTANCE);
>
>         sshServer.setKeyPairProvider(SecurityUtils.createGeneratorHostKeyProvider(Paths.get("test-ec")));
>         ((AbstractGeneratorHostKeyProvider) sshServer.getKeyPairProvider()).setOverwriteAllowed(false);
>         sshServer.start();
>
>         // truncated the rest of the sample code
>
>
> I've attached a log of the issue.
>
> Thank you,
>
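
The warning above reports that the curve-parameter field of the stored key held a SEQUENCE where the parser expected an OID. The following check, an added example in Python that is not from the original thread or the Apache MINA SSHD code base, reads a SEC1 ECPrivateKey and reports how its [0] parameters field is encoded. The function names are illustrative and the sample keys are constructed all-zero placeholders.

```python
import base64

OID_TAG, SEQ_TAG, PARAMS_TAG = 0x06, 0x30, 0xA0   # 0xA0 = context-specific [0]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def curve_encoding(der):
    """Classify the optional [0] parameters field of a SEC1 ECPrivateKey."""
    tag, body, _ = read_tlv(der, 0)
    if tag != SEQ_TAG:
        raise ValueError("not a SEC1 ECPrivateKey SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == PARAMS_TAG:
            inner = value[0] if value else None
            if inner == OID_TAG:
                return "named-curve OID"
            if inner == SEQ_TAG:
                return "explicit parameters SEQUENCE"
            return "unknown"
    return "absent"

def pem_to_der(pem_text):
    """Drop the -----BEGIN/END----- armor lines and decode the base64 body."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))

def tlv(tag, value):
    """Short-form DER encoder, used only to build the constructed samples."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

# Constructed samples: version 1, an all-zero 66-byte "private key", then [0].
VERSION = tlv(0x02, b"\x01")
SECRET = tlv(0x04, bytes(66))
NAMED = tlv(SEQ_TAG, VERSION + SECRET + tlv(PARAMS_TAG, bytes.fromhex("06052b81040023")))  # OID 1.3.132.0.35 (secp521r1)
EXPLICIT = tlv(SEQ_TAG, VERSION + SECRET + tlv(PARAMS_TAG, tlv(SEQ_TAG, VERSION)))         # stub ECParameters

if __name__ == "__main__":
    print(curve_encoding(NAMED), "|", curve_encoding(EXPLICIT))
```

To inspect a key file such as the one named in the log, pass its text through pem_to_der() first; this assumes an unencrypted "EC PRIVATE KEY" PEM block.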
