Feng Jiajie created SSHD-1082:
---------------------------------
Summary: Content of the RSA key file is overwritten by the new EC key
Key: SSHD-1082
URL: https://issues.apache.org/jira/browse/SSHD-1082
Project: MINA SSHD
Issue Type: Improvement
Reporter: Feng Jiajie
I put the RSA host key in /tmp/myhost.
On the master branch code, after starting SSHD, the key file is overwritten by the newly generated EC key.
Perhaps this is a risk of losing the RSA key.
{code:java}
import java.io.IOException;
import java.nio.file.Paths;

import ch.qos.logback.classic.Level;
import ch.qos.logback.classic.Logger;
import org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.forward.AcceptAllForwardingFilter;
import org.slf4j.LoggerFactory;

public class HostKeyOverwriteRepro {
    public static void main(String[] args) throws IOException, InterruptedException {
        // Logback is assumed as the SLF4J backend (the cast requires it); raise the
        // org.apache.sshd logger to DEBUG so the key-resolution messages are visible.
        Logger minaLogger = (Logger) LoggerFactory.getLogger("org.apache.sshd");
        if (minaLogger != null) {
            minaLogger.setLevel(Level.DEBUG);
        }
        SshServer sshd = SshServer.setUpDefaultServer();
        sshd.setPort(12133);
        // The provider points at the existing RSA key file, but its default algorithm is EC
        sshd.setKeyPairProvider(new BouncyCastleGeneratorHostKeyProvider(Paths.get("/tmp/myhost")));
        sshd.setPasswordAuthenticator((username, password, session) -> true);
        sshd.setForwardingFilter(AcceptAllForwardingFilter.INSTANCE);
        sshd.start();
        Thread.sleep(100000000);
    }
}
{code}
/tmp/myhost:
{code:java}
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
{code}
log:
{code:java}
2020-09-18 18:28:30.248 |- DEBUG [sshd-SshServer[2a5c8d3f](port=12133)-nio2-thread-1] [--] o.a.s.c.u.s.b.BouncyCastleGeneratorHostKeyProvider : resolveKeyPair(/tmp/myhost) mismatched loaded key algorithm: expected=EC, loaded=RSA
2020-09-18 18:28:30.405 |- INFO [sshd-SshServer[2a5c8d3f](port=12133)-nio2-thread-1] [--] o.a.s.c.u.s.b.BouncyCastleGeneratorHostKeyProvider : generateKeyPair(EC) generating host key=nistp521
2020-09-18 18:28:30.448 |- DEBUG [sshd-SshServer[2a5c8d3f](port=12133)-nio2-thread-1] [--] o.a.s.c.u.s.b.BouncyCastleGeneratorHostKeyProvider : resolveKeyPair(/tmp/myhost) generated EC key=ecdsa-sha2-nistp521-SHA256:9MVQumUEQx8YnTsK0yhWFLp84qlHTUfgEH1rz9HvJw8
{code}
A simple way to handle this might be:
{code:java}
AbstractGeneratorHostKeyProvider.java
// Not same algorithm - start again
if (log.isDebugEnabled()) {
log.debug("resolveKeyPair({}) mismatched loaded key algorithm:
expected={}, loaded={}",
keyPath, alg, keyAlgorithm);
}
- Files.deleteIfExists(keyPath);
- return null;
+ throw new IOException("mismatched loaded key algorithm");
}
{code}
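Review bot: the new `throw new IOException("mismatched loaded key algorithm");` line carries less detail than the DEBUG message just above it, yet it is now what aborts server start-up and what an operator will see; include `keyPath`, `alg` and `keyAlgorithm` in the message, for example `throw new IOException("resolveKeyPair(" + keyPath + ") mismatched loaded key algorithm: expected=" + alg + ", loaded=" + keyAlgorithm);`, so the failing file and both algorithms are identifiable without DEBUG logging enabled. With that in place the `log.isDebugEnabled()` block becomes redundant and can either be dropped or raised to WARN, since the condition is no longer silently recovered from. The commit message should also state that the removed `Files.deleteIfExists(keyPath); return null;` path destroyed the existing host key before a new one was generated, as that is the key loss the report describes and the reason failing fast is preferable.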
--
This message was sent by Atlassian Jira (v8.3.4#803005)
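As an added example that is not part of the report or of MINA SSHD, the pre-flight check below reads the PEM header of the configured host key file, compares it with the algorithm the provider is configured for, and copies the file aside before the server starts, so a mismatch like the one in the log above cannot silently replace the only copy of the key. The key path, backup directory and the PEM stand-in for /tmp/myhost are constructed for the demonstration.

```python
import re
import shutil
import tempfile
from pathlib import Path
from typing import Optional

# PEM labels that name the key algorithm, using the names SSHD logs ("loaded=RSA").
# PKCS#8 ("PRIVATE KEY") and OpenSSH headers do not, so they map to None, not a guess.
PEM_LABEL_TO_ALG = {"RSA PRIVATE KEY": "RSA", "EC PRIVATE KEY": "EC", "DSA PRIVATE KEY": "DSA"}
HEADER_RE = re.compile(r"^-----BEGIN ([A-Z ]+?)-----\s*$", re.MULTILINE)

# Constructed stand-in for /tmp/myhost: a PEM RSA header around a placeholder body.
CONSTRUCTED_RSA_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "MIIEowIBAAKCAQEAplaceholderbody==\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def pem_key_algorithm(text: str) -> Optional[str]:
    """Return the algorithm named by the first PEM header, or None."""
    match = HEADER_RE.search(text)
    return PEM_LABEL_TO_ALG.get(match.group(1)) if match else None


def preflight_host_key(key_path: Path, expected_alg: str,
                       backup_dir: Optional[Path] = None) -> dict:
    """Compare the key file's algorithm with the provider's; back it up on mismatch."""
    if not key_path.exists():
        return {"status": "absent", "loaded": None, "backup": None}
    loaded = pem_key_algorithm(key_path.read_text())
    if loaded == expected_alg:
        return {"status": "ok", "loaded": loaded, "backup": None}
    backup = None
    if backup_dir is not None:  # copy first, so a later regeneration cannot destroy the only copy
        backup_dir.mkdir(parents=True, exist_ok=True)
        backup = backup_dir / (key_path.name + ".bak")
        shutil.copy2(key_path, backup)
    return {"status": "mismatch" if loaded else "unknown-format", "loaded": loaded, "backup": backup}


def demo() -> dict:
    """Reproduce the report's setup: an RSA key file, a provider configured for EC."""
    with tempfile.TemporaryDirectory() as tmp:
        key = Path(tmp) / "myhost"
        key.write_text(CONSTRUCTED_RSA_PEM)
        verdict = preflight_host_key(key, "EC", Path(tmp) / "backup")
        verdict["backup_intact"] = verdict["backup"].read_bytes() == key.read_bytes()
        return verdict
```

Run `demo()` to see the verdict for the report's scenario; a `status` of `"mismatch"` (or `"unknown-format"`) is the signal to stop and fix the provider's algorithm or the file before starting the server.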