[
https://issues.apache.org/jira/browse/SSHD-1063?focusedWorklogId=474445&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-474445
]
ASF GitHub Bot logged work on SSHD-1063:
----------------------------------------
Author: ASF GitHub Bot
Created on: 25/Aug/20 18:19
Start Date: 25/Aug/20 18:19
Worklog Time Spent: 10m
Work Description: lgoldstein opened a new pull request #162:
URL: https://github.com/apache/mina-sshd/pull/162
Issue Time Tracking
-------------------
Worklog Id: (was: 474445)
Remaining Estimate: 0h
Time Spent: 10m
> KnownHostsServerKeyVerifier fail with alternative ports (non 22/TCP)
> --------------------------------------------------------------------
>
> Key: SSHD-1063
> URL: https://issues.apache.org/jira/browse/SSHD-1063
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.5.1
> Reporter: Guillermo Grandes
> Assignee: Lyor Goldstein
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The first connection, to port 22, creates an entry in known_hosts (this is OK).
> {code:none}
> 2020-08-21 18:09:56.249 [connection:host-1-p22-1] [INFO] SSHClient - Connecting to: [email protected]:22
> 2020-08-21 18:09:56.489 [connection:host-1-p22-1] [INFO] SSHClient - Session established: [email protected]:22
> {code}
> After disconnecting, a second connection to port 2020 (same IP but another
> port, answered by another SSH service) fails (it detects a changed key,
> this is bad).
> {code:none}
> 2020-08-21 18:10:02.174 [connection:host-1-p2020-1] [INFO] SSHClient - Connecting to: [email protected]:2020
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] ClientSessionImpl - exceptionCaught(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020])[state=Opened] SshException: Server key did not validate
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [INFO] ClientSessionImpl - Disconnecting(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]): SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE - Server key did not validate
> 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] ClientSessionImpl - disconnect(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]) operation failed (ClosedChannelException) for reason=SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE [Server key did not validate]: null
> 2020-08-21 18:10:02.529 [connection:host-1-p2020-1] [ERROR] SSHClient - IOException: org.apache.sshd.common.SshException: Server key did not validate
> {code}
> If the first connection is to port 2020, and the second is to port 22, two
> entries are created in known_hosts and all works fine.
> To reproduce, use this snippet of code:
> {code:java}
> final File knownHost = new File("/tmp/known_hosts");
> knownHost.delete();
> knownHost.createNewFile();
> // Accept unknown
> KnownHostsServerKeyVerifier hostVerifier = new KnownHostsServerKeyVerifier(
>         ((sshClientSession, remoteAddress, serverKey) -> true), knownHost.toPath());
> // Reject modified
> hostVerifier.setModifiedServerKeyAcceptor(
>         (clientSession, remoteAddress, entry, expected, actual) -> false);
> SshClient client = SshClient.setUpDefaultClient();
> client.setServerKeyVerifier(hostVerifier);
> client.start();
> // ...etc...
> {code}
> * Connect to server A, port 22.
> * Connect to server A, port 2020 (for testing, I'm using rinetd to redirect
> port 2020 on server A to port 22 on server B).
> My intuition tells me that the solution (or maybe workaround) could be this
> little change:
> {code:java}
> // class: org.apache.sshd.client.config.hosts.KnownHostHashValue
> public static <A extends Appendable> A appendHostPattern(A sb, String
> host, int port) throws IOException {
> - boolean nonDefaultPort = (port > 0) && (port !=
> SshConstants.DEFAULT_PORT);
> + boolean nonDefaultPort = true;
> {code}
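Review bot: Replacing the condition with a constant true in appendHostPattern discards the (port > 0) guard together with the SshConstants.DEFAULT_PORT comparison, so a zero or negative port would now be treated as non-default as well. If the intent is to always take the non-default branch for a valid port, keep the guard, for example "boolean nonDefaultPort = port > 0;", and check that host patterns already written for port 22 under the old condition still match, since the default-port case changes branch too. A short comment explaining why the default port is no longer special-cased would also help.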
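The failure described in the report, as an added example (not code from the reporter or from MINA SSHD): a known_hosts lookup that applies a plain-host entry to every port, next to one keyed on host and port. It assumes OpenSSH's convention of writing non-default ports as [host]:port; the class, the method names and the "loose" lookup are hypothetical, and the key strings are constructed placeholders.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added illustration; not MINA SSHD code. All names here are hypothetical. */
public class KnownHostsPortDemo {
    static final int DEFAULT_PORT = 22;

    enum Verdict { MATCH, UNKNOWN, CHANGED }

    /** OpenSSH convention: plain host for port 22, "[host]:port" otherwise. */
    static String hostPattern(String host, int port) {
        boolean nonDefaultPort = (port > 0) && (port != DEFAULT_PORT);
        return nonDefaultPort ? "[" + host + "]:" + port : host;
    }

    /** Port-aware lookup: an entry applies only to the host/port it was written for. */
    static Verdict verifyExact(Map<String, String> knownHosts, String host, int port, String key) {
        String stored = knownHosts.get(hostPattern(host, port));
        if (stored == null) {
            return Verdict.UNKNOWN;
        }
        return stored.equals(key) ? Verdict.MATCH : Verdict.CHANGED;
    }

    /** Loose lookup (assumed failure mode): a plain-host entry is applied to any port. */
    static Verdict verifyLoose(Map<String, String> knownHosts, String host, int port, String key) {
        Verdict exact = verifyExact(knownHosts, host, port, key);
        if (exact != Verdict.UNKNOWN) {
            return exact;
        }
        String stored = knownHosts.get(host); // falls back to the port-22 form
        if (stored == null) {
            return Verdict.UNKNOWN;
        }
        return stored.equals(key) ? Verdict.MATCH : Verdict.CHANGED;
    }

    public static void main(String[] args) {
        // Constructed sample data: placeholder strings, not real host keys.
        String keyA = "ssh-ed25519 AAAA...serverA";
        String keyB = "ssh-ed25519 AAAA...serverB";
        Map<String, String> knownHosts = new LinkedHashMap<>();
        knownHosts.put(hostPattern("192.168.7.5", 22), keyA); // first connection, port 22

        System.out.println("loose, port 2020: " + verifyLoose(knownHosts, "192.168.7.5", 2020, keyB));
        System.out.println("exact, port 2020: " + verifyExact(knownHosts, "192.168.7.5", 2020, keyB));
        knownHosts.put(hostPattern("192.168.7.5", 2020), keyB); // accept-unknown adds a second entry
        System.out.println("exact, port 2020: " + verifyExact(knownHosts, "192.168.7.5", 2020, keyB));
        System.out.println("exact, port 22:   " + verifyExact(knownHosts, "192.168.7.5", 22, keyB));
    }
}
```

With only the port-22 entry stored, the loose lookup reports CHANGED for port 2020 while the exact lookup reports UNKNOWN, which an accept-unknown verifier can then record as a separate entry; a different key on port 22 is still reported as CHANGED.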