[
https://issues.apache.org/jira/browse/SSHD-886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Goldstein Lyor reassigned SSHD-886:
-----------------------------------
Assignee: Goldstein Lyor
> unable to connect from AIX 7.2, contains workaround
> ---------------------------------------------------
>
> Key: SSHD-886
> URL: https://issues.apache.org/jira/browse/SSHD-886
> Project: MINA SSHD
> Issue Type: Bug
> Environment: AIX 7.2 openssh client attempting connection to
> Bitbucket 5.16.0 containing Mina 2.0.19
> Reporter: Antony Suter
> Assignee: Goldstein Lyor
> Priority: Major
>
> There is a potential bug in Mina in handling a custom SSH packet type 106.
> "Unassigned" according to
> [https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml]
> My scenario is attempting to git clone from the ssh server inside Bitbucket
> 5.16.0, which is Mina 2.0.19.
> On Linux if I set:
> {{export GIT_SSH_COMMAND="ssh -vvv"}}
> Then I get this log fragment from my git clone failing:
> {{debug1: Host '[bitbucketdev]:7999' is known and matches the RSA host key.}}
> {{debug1: Found key in /home/<...>/.ssh/known_hosts:1}}
> {{debug3: send packet: type 21}}
> {{debug2: set_newkeys: mode 1}}
> {{debug1: rekey after 4294967296 blocks}}
> {{debug1: SSH2_MSG_NEWKEYS sent}}
> {{debug1: expecting SSH2_MSG_NEWKEYS}}
> {{debug3: receive packet: type 21}}
> {{debug1: SSH2_MSG_NEWKEYS received}}
> {{debug2: set_newkeys: mode 0}}
> {{debug1: rekey after 4294967296 blocks}}
> {{debug2: key: /home/<...>/.ssh/id_rsa (200855b8)}}
> {{debug2: key: /home/<...>/.ssh/id_dsa (0)}}
> {{debug2: key: /home/<...>/.ssh/id_ecdsa (0)}}
> {{debug2: key: /home/<...>/.ssh/id_ed25519 (0)}}
> {{debug3: send packet: type 5}}
> {{debug3: receive packet: type 6}}
> {{debug2: service_accept: ssh-userauth}}
> {{debug1: SSH2_MSG_SERVICE_ACCEPT received}}
> {{debug3: send packet: type 50}}
> {{debug3: receive packet: type 51}}
> {{debug1: Authentications that can continue: publickey}}
> {{debug3: start over, passed a different list publickey}}
> {{debug3: preferred publickey,keyboard-interactive,password}}
> {{debug3: authmethod_lookup publickey}}
> {{debug3: remaining preferred: keyboard-interactive,password}}
> {{debug3: authmethod_is_enabled publickey}}
> {{debug1: Next authentication method: publickey}}
> {{debug1: Offering RSA public key: /home/<...>/.ssh/id_rsa}}
> {{debug3: send_pubkey_test}}
> {{debug3: send packet: type 50}}
> {{debug2: we sent a publickey packet, wait for reply}}
> {{debug3: receive packet: type 60}}
> {{debug1: Server accepts key: pkalg ssh-rsa blen 279}}
> {{debug2: input_userauth_pk_ok: fp SHA256:<...>}}
> {{debug3: sign_and_send_pubkey: RSA SHA256:<...>}}
> {{debug3: send packet: type {color:#FF0000}106{color}}}
> {{debug1: Sent ALLOW_PKCS12_KEYSTORE_CLIENT_FLAG packet}}
> {{debug3: send packet: type 50}}
> {{debug3: receive packet: type 51}}
> {{debug1: Authentications that can continue: publickey}}
> {{debug1: Trying private key: /home/<...>/.ssh/id_dsa}}
> {{debug3: no such identity: /home/<...>/.ssh/id_dsa: No such file or
> directory}}
> {{debug1: Trying private key: /home/<...>/.ssh/id_ecdsa}}
> {{debug3: no such identity: /home/<...>/.ssh/id_ecdsa: No such file or
> directory}}
> {{debug1: Trying private key: /home/<...>/.ssh/id_ed25519}}
> {{debug3: no such identity: /home/<...>/.ssh/id_ed25519: No such file or
> directory}}
> {{debug2: we did not send a packet, disable method}}
> {{debug1: No more authentication methods to try.}}
> {{Permission denied (publickey).}}
> {{fatal: Could not read from remote repository.}}{{Please make sure you have
> the correct access rights}}
> {{and the repository exists.}}
> After my key is sent to Mina and accepted with Server accepts key (and
> Bitbucket logs the acceptance), the AIX openssh client sends packet type 106,
> then the key is rejected.
> The workaround is to set an option in my ~/.ssh/config file:
> {{AllowPKCS12keystoreAutoOpen no}}
> Then I can git clone successfully.
> This ssh option is custom and unrecognized on Linux openssh client.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
