[
https://issues.apache.org/jira/browse/SSHD-330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14044406#comment-14044406
]
Charles O'Farrell commented on SSHD-330:
----------------------------------------
We just hit this in Stash - just going to post the keywords "key_verify failed
for server_host_key" just in case some other poor sucker hits this and can't
find it on Google.
Just out of curiosity are there any plans for releasing 2.12.0 and/or
backporting to 2.11 or older?
Cheers!
> Handshake fails (wrong shared secret) 1 out of 256 times
> --------------------------------------------------------
>
> Key: SSHD-330
> URL: https://issues.apache.org/jira/browse/SSHD-330
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 0.11.0
> Reporter: Pasi Eronen
> Assignee: Guillaume Nodet
> Fix For: 0.12.0
>
>
> The shared secret returned by KeyAgreement.generateSecret() is a byte array,
> which can (by chance, roughly 1 out of 256 times) begin with zero byte. In
> SSH, the shared secret is an integer, so we need to strip the leading
> zero(es).
> Some JCE providers might strip leading zeroes, though. SunJCE used to do this
> in Java 6, I think, but not anymore in Java 7 -- and there was an almost
> identical bug (handshake fails 1 out of 256 times) in Java's SSL/TLS
> implementation in early Java 7 versions (see
> http://bugs.java.com/view_bug.do?bug_id=8014618).
> Pull request here:
> https://github.com/apache/mina-sshd/pull/5
> How to reproduce with OpenSSH client (assuming Mina SSH server running in
> port 9922):
> for x in {1..500}; do sshpass -p wrong ssh -p9922
> -oKexAlgorithms=diffie-hellman-group-exchange-sha1 someuser@localhost; done
> for x in {1..500}; do sshpass -p wrong ssh -p9922
> -oKexAlgorithms=ecdh-sha2-nistp256 someuser@localhost; done
--
This message was sent by Atlassian JIRA
(v6.2#6252)
