[
https://issues.apache.org/jira/browse/SSHD-1314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17641501#comment-17641501
]
Thomas Wolf commented on SSHD-1314:
-----------------------------------
Using Java serialization to store a private key was a very bad idea to begin
with. The new code is backwards compatible: it can still load already stored
keys that use Java serialization that were produced by older versions of
{{SimpleGeneratorHostKeyProvider}}. (Unless some unknown security provider was
used, and its key classes are not whitelisted.) Only if there isn't a key yet
and a new key is written will a new format be used that doesn't require Java
de-serialization for loading.
The upshot of this is that only code that makes assumptions about the storage
format used by {{SimpleGeneratorHostKeyProvider}}, such as that Karaf unit
test, will see a difference in behavior. Such code will have to be changed.
If the test is supposed to test that a key stored via Java serialization can be
loaded, then please see our {{SimpleGeneratorHostKeyProviderTest}} at [line
109|https://github.com/apache/mina-sshd/blob/master/sshd-common/src/test/java/org/apache/sshd/server/keyprovider/SimpleGeneratorHostKeyProviderTest.java#L109]:
don't rely on whatever {{SimpleGeneratorHostKeyProvider}} does but serialize
the key explicitly.
> OpenSSHKeyPairProvider is not able to load SimpleKey
> ----------------------------------------------------
>
> Key: SSHD-1314
> URL: https://issues.apache.org/jira/browse/SSHD-1314
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.9.2
> Reporter: Jean-Baptiste Onofré
> Priority: Major
>
> Since this commit:
> {code:java}
> commit 5a8fe830b2a2308a2b24ac8115a391af477f64f5
> Author: Thomas Wolf <[email protected]>
> Date: Sat Nov 5 21:00:40 2022 +0100
>
> Better file handling for host keys
>
> Store host keys in the OpenSSH format. This makes it possible to use
> EdDSA host keys. Also set file permissions and read legacy files more
> carefully.
>
> .../AbstractGeneratorHostKeyProvider.java | 88 ++++++++++++++---
> .../SimpleGeneratorHostKeyProvider.java | 109 ++++++++++++++++++---
> .../SimpleGeneratorHostKeyProviderTest.java | 26 ++++-
> 3 files changed, 194 insertions(+), 29 deletions(-)
> {code}
> it's not possible to "convert" a simple key to SSH key.
>
> Basically, the following code worked with sshd 2.9.1:
> {code:java}
> import java.io.File;
> import java.nio.file.Files;
> import java.security.KeyPair;
> import java.util.List;
> import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
> import org.junit.Assert;
> // OpenSSHKeyPairProvider (org.apache.karaf.shell.ssh.keygenerator, see the log below)
> // and KeyPairLoader are Karaf's own classes, not part of sshd.
>
> File privateKeyTemp = File.createTempFile(this.getClass().getCanonicalName(), ".priv");
> privateKeyTemp.deleteOnExit();
> File publicKeyTemp = File.createTempFile(this.getClass().getCanonicalName(), ".pub");
> publicKeyTemp.deleteOnExit();
> // generate (or load) a host key with the "simple" provider
> SimpleGeneratorHostKeyProvider simpleGenerator = new SimpleGeneratorHostKeyProvider(privateKeyTemp.toPath());
> simpleGenerator.setKeySize(2048);
> simpleGenerator.setAlgorithm("DSA");
> List<KeyPair> keys = simpleGenerator.loadKeys(null);
> KeyPair simpleKeyPair = keys.stream().findFirst().get();
> Assert.assertEquals("DSA", simpleKeyPair.getPrivate().getAlgorithm());
> // convert it: the OpenSSH provider should read the "simple" file and rewrite it
> OpenSSHKeyPairProvider provider = new OpenSSHKeyPairProvider(privateKeyTemp.toPath(), publicKeyTemp.toPath(), "DSA", 2048, null);
> KeyPair convertedKeyPair = provider.loadKeys(null).iterator().next();
> Assert.assertEquals("DSA", convertedKeyPair.getPrivate().getAlgorithm());
> Assert.assertArrayEquals(simpleKeyPair.getPrivate().getEncoded(), convertedKeyPair.getPrivate().getEncoded());
> Assert.assertArrayEquals(simpleKeyPair.getPublic().getEncoded(), convertedKeyPair.getPublic().getEncoded());
> // also test that the original file has been replaced
> KeyPair keyPair = KeyPairLoader.getKeyPair(Files.newInputStream(privateKeyTemp.toPath()));
> Assert.assertArrayEquals(simpleKeyPair.getPrivate().getEncoded(), keyPair.getPrivate().getEncoded());
> {code}
> but it fails now with sshd 2.9.2 with:
> {code:java}
> INFO: generateKeyPair(DSA) generating host key - size=2048
> Nov 30, 2022 6:12:35 PM org.apache.karaf.shell.ssh.keygenerator.OpenSSHKeyPairProvider loadKeys
> WARNING: Failed to parse keypair in /tmp/org.apache.karaf.shell.ssh.keygenerator.OpenSSHGeneratorKeyFileProviderTest8057592323787152069.priv. Attempting to parse it 'directly'
> Nov 30, 2022 6:12:35 PM org.apache.karaf.shell.ssh.keygenerator.OpenSSHKeyPairProvider loadKeys
> WARNING: Failed to parse keypair in /tmp/org.apache.karaf.shell.ssh.keygenerator.OpenSSHGeneratorKeyFileProviderTest8057592323787152069.priv. Attempting to parse it as a legacy 'simple' key
> Nov 30, 2022 6:12:35 PM org.apache.karaf.shell.ssh.keygenerator.OpenSSHKeyPairProvider loadKeys
> WARNING: /tmp/org.apache.karaf.shell.ssh.keygenerator.OpenSSHGeneratorKeyFileProviderTest8057592323787152069.priv is not a 'simple' key either
> {code}
> because we go on the last try in the {{loadKeys()}} method.
> I will work on a fix.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
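The following is an added example, not code from mina-sshd or Karaf, illustrating the two points in Thomas Wolf's comment above: a host key that an older {{SimpleGeneratorHostKeyProvider}} wrote with plain Java serialization can still be read, but only through an allowlisting deserialization filter, and a file whose stream carries any class outside that allowlist (for example a key class from an unlisted security provider, or a gadget class planted in a tampered key file) is refused before it is instantiated. The class name, the exact filter string, the limits in it, and the use of the JDK's default RSA provider are assumptions of this example and are not the project's actual allowlist; it needs Java 9 or later for {{java.io.ObjectInputFilter}}.

```java
// Added example (not mina-sshd or Karaf code): read a legacy, Java-serialized
// host key only through an allowlisting ObjectInputFilter. Requires Java 9+.
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Date;

public final class LegacySerializedHostKey {

    // The JDK's own key classes replace themselves on the wire with
    // java.security.KeyRep, so a KeyPair from the default providers needs only
    // the classes below. Keys from a third-party provider (BouncyCastle, EdDSA
    // libraries) serialize their own classes and are rejected by "!*": that is
    // the "unknown security provider" caveat from the comment. The size and
    // depth limits are assumed values that comfortably fit a 2048-bit RSA pair.
    private static final ObjectInputFilter HOST_KEY_FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=8;maxrefs=64;maxbytes=65536;"
            + "java.security.KeyPair;java.security.KeyRep;java.security.KeyRep$Type;"
            + "java.lang.Enum;java.lang.String;!*");

    /** What the legacy provider did: plain Java serialization of the KeyPair. */
    public static byte[] writeLegacy(KeyPair kp) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(kp);
        }
        return bos.toByteArray();
    }

    /** Loads a legacy file, refusing any class that is not on the allowlist. */
    public static KeyPair loadLegacy(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(HOST_KEY_FILTER); // checked before any class is resolved
            Object o = ois.readObject();
            if (!(o instanceof KeyPair)) {
                throw new InvalidClassException("not a KeyPair: " + o.getClass().getName());
            }
            return (KeyPair) o;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair original = gen.generateKeyPair();

        // 1. A genuine legacy file round-trips through the filter unchanged.
        KeyPair loaded = loadLegacy(writeLegacy(original));
        System.out.println("legacy key loaded, private encodings equal: "
                + Arrays.equals(original.getPrivate().getEncoded(), loaded.getPrivate().getEncoded()));

        // 2. A file carrying any other class is rejected before it is instantiated.
        //    java.util.Date stands in for an attacker-chosen class (constructed input).
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(new Date());
        }
        try {
            loadLegacy(bos.toByteArray());
            System.out.println("unexpected: foreign class accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

Run it with a Java 11+ single-file launch ({{java LegacySerializedHostKey.java}}). The per-stream filter is preferable to the process-wide {{jdk.serialFilter}} system property here because the allowlist is specific to this one file format; the stream is also the only place where a custom provider's key classes would have to be added, which is the trade-off the comment describes.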