[
https://issues.apache.org/jira/browse/SSHD-330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Guillaume Nodet resolved SSHD-330.
----------------------------------
Resolution: Fixed
Fix Version/s: 0.12.0
Assignee: Guillaume Nodet
https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=commit;h=2aed686bdb21681a421033c6ee5997e5cd8a9a83
> Handshake fails (wrong shared secret) 1 out of 256 times
> --------------------------------------------------------
>
> Key: SSHD-330
> URL: https://issues.apache.org/jira/browse/SSHD-330
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 0.11.0
> Reporter: Pasi Eronen
> Assignee: Guillaume Nodet
> Fix For: 0.12.0
>
>
> The shared secret returned by KeyAgreement.generateSecret() is a byte array,
> which can (by chance, roughly 1 out of 256 times) begin with zero byte. In
> SSH, the shared secret is an integer, so we need to strip the leading
> zero(es).
> Some JCE providers might strip leading zeroes, though. SunJCE used to do this
> in Java 6, I think, but not anymore in Java 7 -- and there was an almost
> identical bug (handshake fails 1 out of 256 times) in Java's SSL/TLS
> implementation in early Java 7 versions (see
> http://bugs.java.com/view_bug.do?bug_id=8014618).
> Pull request here:
> https://github.com/apache/mina-sshd/pull/5
> How to reproduce with OpenSSH client (assuming Mina SSH server running in
> port 9922):
> for x in {1..500}; do sshpass -p wrong ssh -p9922
> -oKexAlgorithms=diffie-hellman-group-exchange-sha1 someuser@localhost; done
> for x in {1..500}; do sshpass -p wrong ssh -p9922
> -oKexAlgorithms=ecdh-sha2-nistp256 someuser@localhost; done
--
This message was sent by Atlassian JIRA
(v6.2#6252)
