[ https://issues.apache.org/jira/browse/SSHD-1264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17527461#comment-17527461 ]
James Nord commented on SSHD-1264: ---------------------------------- rather than a log there is a crude test case at [https://github.com/apache/mina-sshd/pull/221/] that shows the issue.. Hope that helps > different host key algorithm used on rekey than used for the initial > connection > ------------------------------------------------------------------------------- > > Key: SSHD-1264 > URL: https://issues.apache.org/jira/browse/SSHD-1264 > Project: MINA SSHD > Issue Type: Bug > Affects Versions: 2.8.0 > Reporter: James Nord > Priority: Major > Attachments: sshd_log.txt > > Time Spent: 10m > Remaining Estimate: 0h > > when using mina as an ssh client to connect to an open ssh server the host > key algorithm that is negotiated on the initial connection can have a > different algorithm than the one used in a rekey. > This causes an issue as connections can be terminated if the initial host key > type is in the known hosts, (say ecdsa) but the subsequent on (rsa) is not. > once connected the same host key algorithm should be used in any subsequent > re-key events. > (see log attached from SSHD) > Note: this is easyish to see by setting opensshd server config `RekeyLimit > default 10` which will cause a rekey after 10 seconds on a data event. > e.g. > {noformat} > debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth] > debug1: kex: host key algorithm: rsa-sha2-512 {noformat} > shows the flop from an agreed exchange of {{ecdsa-sha2-nistp256}} to > {{rsa-sha2-512}} > the end result is that if the rsa key is not known then the connection is > killed > {{o.a.s.c.k.KnownHostsServerKeyVerifier#acceptModifiedServerKey: > acceptModifiedServerKey(ClientSessionImpl[jenkins@localhost/127.0.0.1:22]) > mismatched keys presented by localhost/127.0.0.1:22 for entry=localhost > ecdsa-sha2-nistp256 > AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNZDNvKiE7VBVWziZUlICIpIEMhVy0nL3y2hHYRQGMOaWWPajP86ucgwgeXAWmJOxr4bqMtC9tF0vC1W2l8wYPM=: > > expected=ecdsa-sha2-nistp256-SHA256:x5TMcz4T6ggPxxSbx6gfTzk8US6CLuxgmqXNXedu+6w, > actual=ssh-rsa-SHA256:W60YQsFuMkHf0flHrJFR31lvyYm7Y6BkEMkqHUTOpZQ}} -- This message was sent by Atlassian Jira (v8.20.7#820007) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org