Repository: mina-sshd Updated Branches: refs/heads/master 595858815 -> 4d794e5e8
[SSHD-397] Added more detailed log messages about the KEX negotiation process Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/63a54ea7 Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/63a54ea7 Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/63a54ea7 Branch: refs/heads/master Commit: 63a54ea7f9903175c382d9fda39672fdb7919071 Parents: 5958588 Author: Guillaume Nodet <[email protected]> Authored: Tue Jan 13 16:47:03 2015 +0100 Committer: Guillaume Nodet <[email protected]> Committed: Tue Jan 13 16:47:03 2015 +0100 ---------------------------------------------------------------------- .../org/apache/sshd/common/SshConstants.java | 22 ++++++++++ .../sshd/common/session/AbstractSession.java | 43 ++++++++++++-------- 2 files changed, 48 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/63a54ea7/sshd-core/src/main/java/org/apache/sshd/common/SshConstants.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/common/SshConstants.java b/sshd-core/src/main/java/org/apache/sshd/common/SshConstants.java index bf4b55e..648ec88 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/SshConstants.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/SshConstants.java @@ -18,6 +18,10 @@ */ package org.apache.sshd.common; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + /** * This interface defines constants for the SSH protocol. * @@ -95,6 +99,24 @@ public interface SshConstants { static final int PROPOSAL_LANG_STOC = 9; static final int PROPOSAL_MAX = 10; + /** + * User-friendly names for the KEX algorithms negotiation items - the + * list index matches the {@code PROPOSAL_XXX} constant + * @see <A HREF="http://tools.ietf.org/html/rfc4253#section-7.1";>RFC-4253 - section 7.1</A> + */ + static final String[] PROPOSAL_KEX_NAMES = { + "kex algorithms", + "server host key algorithms", + "encryption algorithms (client to server)", + "encryption algorithms (server to client)", + "mac algorithms (client to server)", + "mac algorithms (server to client)", + "compression algorithms (client to server)", + "compression algorithms (server to client)", + "languages (client to server)", + "languages (server to client)" + }; + // // Disconnect error codes http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/63a54ea7/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java b/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java index a62b1cb..ddb3058 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java @@ -1127,8 +1127,11 @@ public abstract class AbstractSession extends CloseableUtils.AbstractInnerClosea protected void negotiate() { String[] guess = new String[SshConstants.PROPOSAL_MAX]; for (int i = 0; i < SshConstants.PROPOSAL_MAX; i++) { - String[] c = clientProposal[i].split(","); - String[] s = serverProposal[i].split(","); + String paramName = SshConstants.PROPOSAL_KEX_NAMES[i]; + String clientParamValue = clientProposal[i]; + String serverParamValue = serverProposal[i]; + String[] c = clientParamValue.split(","); + String[] s = serverParamValue.split(","); for (String ci : c) { for (String si : s) { if (ci.equals(si)) { @@ -1140,27 +1143,33 @@ public abstract class AbstractSession extends CloseableUtils.AbstractInnerClosea break; } } - if (guess[i] == null && i != SshConstants.PROPOSAL_LANG_CTOS && i != SshConstants.PROPOSAL_LANG_STOC) { - final String[] items = new String[] { - "kex algorithms", - "server host key algorithms", - "encryption algorithms (client to server)", - "encryption algorithms (server to client)", - "mac algorithms (client to server)", - "mac algorithms (server to client)", - "compression algorithms (client to server)", - "compression algorithms (server to client)" - }; - throw new IllegalStateException("Unable to negotiate key exchange for " + items[i] + - " (client: " + clientProposal[i] + " / server: " + serverProposal[i] + ")"); + + // check if reached an agreement + if (guess[i] == null) { + String message="Unable to negotiate key exchange for " + paramName + + " (client: " + clientParamValue + " / server: " + serverParamValue + ")"; + // OK if could not negotiate languages + if ((i != SshConstants.PROPOSAL_LANG_CTOS) && (i != SshConstants.PROPOSAL_LANG_STOC)) { + throw new IllegalStateException(message); + } else { + if (log.isTraceEnabled()) { + log.trace(message); + } + } + } else { + if (log.isTraceEnabled()) { + log.trace("Kex: negotiate(" + paramName + ") guess=" + guess[i] + + " (client: " + clientParamValue + " / server: " + serverParamValue); + } } } negotiated = guess; - log.info("Kex: server->client {} {} {}", + + log.debug("Kex: server->client {} {} {}", new Object[]{negotiated[SshConstants.PROPOSAL_ENC_ALGS_STOC], negotiated[SshConstants.PROPOSAL_MAC_ALGS_STOC], negotiated[SshConstants.PROPOSAL_COMP_ALGS_STOC]}); - log.info("Kex: client->server {} {} {}", + log.debug("Kex: client->server {} {} {}", new Object[]{negotiated[SshConstants.PROPOSAL_ENC_ALGS_CTOS], negotiated[SshConstants.PROPOSAL_MAC_ALGS_CTOS], negotiated[SshConstants.PROPOSAL_COMP_ALGS_CTOS]});
