Roberto Deandrea created SSHD-1277:
--------------------------------------
Summary: Error connecting to particular SFTP server after enabling
HostKeyAlgorithms rsa-sha2-256 rsa-sha2-512 on SFTP client
Key: SSHD-1277
URL: https://issues.apache.org/jira/browse/SSHD-1277
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 2.8.0
Environment: java.runtime = Java(TM) SE Runtime Environment (8.0.6.10
- pxa6480sr6fp10-20200408_01(SR6 FP10))
os = Linux (3.10.0-1160.42.2.el7.x86_64; amd64) (en_US)
Reporter: Roberto Deandrea
Attachments: trace_apachesshd_client.log
Hi Thomas,
I have a strange issue with an SFTP client connection based on Apache SSHD
2.8.0 client.
After enabling the support for server HostKeyAlgorithms
rsa-sha2-256,rsa-sha2-512 with this code:
_SshClient sshClient = SshClient.setUpDefaultClient();_
_sshClient.setSignatureFactories(Arrays.<NamedFactory<Signature>> asList(
BuiltinSignatures.rsa,_
_BuiltinSignatures.rsaSHA256,_
_BuiltinSignatures.rsaSHA512));_
the SFTP connection fails against a particular server with the following stack
trace :
[6/28/22 5:32:46:783 EDT] 00004102 id=00000000
org.apache.sshd.common.util.logging.LoggingUtils W warn
exceptionCaught(ClientSessionImpl[StateStreetDS.sftpuser@/127.0.0.1:46323])[state=Opened]
SignatureException: Signature encoding error
java.security.SignatureException: Signature encoding error
at com.ibm.crypto.fips.provider.RSASignature.a(Unknown Source)
at com.ibm.crypto.fips.provider.RSASignature.engineVerify(Unknown
Source)
at java.security.Signature$Delegate.engineVerify(Signature.java:1231)
at java.security.Signature.verify(Signature.java:661)
at
org.apache.sshd.common.signature.AbstractSignature.doVerify(AbstractSignature.java:164)
at
org.apache.sshd.common.signature.SignatureRSA.verify(SignatureRSA.java:116)
at org.apache.sshd.client.kex.DHGClient.next(DHGClient.java:181)
at
org.apache.sshd.common.session.helpers.AbstractSession.handleKexMessage(AbstractSession.java:633)
at
org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:524)
at
org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:452)
at
org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1524)
at
org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:412)
at
org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
at
org.apache.sshd.netty.NettyIoSession.channelRead(NettyIoSession.java:252)
at
org.apache.sshd.netty.NettyIoSession$Adapter.channelRead(NettyIoSession.java:296)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at
io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:271)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at
io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at
io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
at
io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
at
io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at
io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at
io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at
io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:820)
Caused by: java.io.IOException: ObjectIdentifier mismatch:
2.16.840.1.101.3.4.2.1
at com.ibm.crypto.fips.provider.RSASignature.decodeSignature(Unknown
Source)
+Before the above code change, the SFTP connection worked fine with that
particular SFTP server.+
The file attached contains verbose traces of the failing SFTP client connection.
Looking through Apache SSHD Jiras and mails I found this mail
(https://www.mail-archive.com/[email protected]/msg33417.html) that shows the
same symptoms of my problem. The problem was reported in Apache SSHD 2.2.0 and
fixed in 2.4.0.
Questions :
Do you think this is a bug inside Apache SSHD 2.8.0 code ?
How is possible that enabling rsa-sha2 host key algorithms on client could give
this issue with a ('before') working SFTP connection ?
Do you need other info for troubleshooting this issue ?
Thanks in advance for your support
Kind Regards
Roberto D.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
