[jira] [Commented] (SSHD-642) Authentication failed: Signature length not correct: got 255 but was expecting 256

Thu, 11 Feb 2016 10:36:39 -0800 

    [ 
https://issues.apache.org/jira/browse/SSHD-642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15143219#comment-15143219
 ] 

Goldstein Lyor commented on SSHD-642:
-------------------------------------

I am not sure how you suggest that MINA detect if zeroes are required or not. 
It would help a lot if you could attach a code sample that uses Trilead and 
that *always* fails. Also, if you have a solution in mind, feel free to fork 
the (latest) version from https://github.com/apache/mina-sshd, and then submit 
a pull request with your recommended modification (just make sure that you also 
add a unit test for it + that all the existing unit tests succeed 
un-modified...).

> Authentication failed: Signature length not correct: got 255 but was 
> expecting 256
> ----------------------------------------------------------------------------------
>
>                 Key: SSHD-642
>                 URL: https://issues.apache.org/jira/browse/SSHD-642
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.0.0
>            Reporter: Eugene Petrenko
>
> This issue I observe with quite low probability. It turns out that RSA 
> signature verification fails and thus SSH key authentication fails. (This is 
> a bit strange that key verification is executed BEFORE signature is checked). 
> In my cases it fails with Trilead SSH2 client. 
> From the code it fails inside JCE where it is asserted message size if not 
> trimmed. (Exception is not getting properly logged, but it is possible to 
> find the message in sun/security/rsa/RSASignature.java file)
> In the sources of Trilead I see the code, that may trim leading zero byte 
> from the signature. Signature here is encoded with type and data, so that 
> org.apache.sshd.common.signature.AbstractSignature#extractEncodedSignature is 
> executed and not-null is returned).
> https://github.com/JetBrains/intellij-community/blob/master/plugins/cvs/trilead-ssh2-build213/src/com/trilead/ssh2/signature/RSASHA1Verify.java#L98
> As you may see from the link this is the way they understand the standard. 
> I checked JSch code, and there is not such a byte trim there. 
> It may mean Mina SSHD should attempt to workaround it and add zero bites back



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to