openjdk version "21" 2023-09-19
OpenJDK Runtime Environment (build 21+35)
OpenJDK 64-Bit Server VM (build 21+35, mixed mode, sharing)
<dependency>
<groupId>org.apache.sshd</groupId>
<artifactId>sshd-core</artifactId>
<version>2.10.0</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-all</artifactId>
<version>4.1.100.Final</version>
</dependency>
I have 2 problems:
1:
Unless the ecdsa-sha2-nistp521 host key signature is left enabled, connecting
to the server does not work. The content of signatureNew is shown below:
signatureNew:[ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com,
ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
sk-ecdsa-sha2-nistp256@openssh.com, rsa-sha2-512, rsa-sha2-256, ssh-rsa]
To reproduce the failure, uncomment the commented-out block next to the // ME marker in the code below.
2:
When replacing SimpleGeneratorHostKeyProvider with
BouncyCastleGeneratorHostKeyProvider, a connection error occurs:
```
[sshd-SshServer[78b101de](port=3000)-nio2-thread-3] INFO
org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider
- generateKeyPair(EC) generating host key=nistp521
[sshd-SshServer[78b101de](port=3000)-nio2-thread-3] WARN
org.apache.sshd.server.session.ServerSessionImpl -
resolveAvailableSignaturesProposal(ServerSessionImpl[null@/127.0.0.1:43744])
failed (NoClassDefFoundError) to get key types:
org/bouncycastle/openssl/jcajce/JcaPEMWriter
[sshd-SshServer[78b101de](port=3000)-nio2-thread-3] WARN
org.apache.sshd.server.session.ServerSessionImpl -
exceptionCaught(ServerSessionImpl[null@/127.0.0.1:43744])[state=Opened]
RuntimeSshException: null
```
code:
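try {
    // Reproduction: an embedded Apache MINA SSHD server on port 3000 whose
    // default KEX, MAC and cipher lists are narrowed before start().
    final var sshd = SshServer.setUpDefaultServer();
    sshd.setPort(3000);

    // Host key provider backed by the file hostkey3.pem (relative path, so it
    // resolves against the process working directory).
    // NOTE(review): the NoClassDefFoundError for
    // org/bouncycastle/openssl/jcajce/JcaPEMWriter reported when this is swapped
    // for BouncyCastleGeneratorHostKeyProvider suggests the Bouncy Castle PEM
    // classes are missing from the classpath; only sshd-core and netty-all are
    // declared as dependencies. Verify against the build file.
    final var hostKeyProvider = new SimpleGeneratorHostKeyProvider(Paths.get("hostkey3.pem"));
    sshd.setKeyPairProvider(hostKeyProvider);

    // Every password login is refused: the authenticator returns false
    // regardless of username or password.
    sshd.setPasswordAuthenticator((username, password, session) -> false);

    final var signatureNew = new ArrayList<NamedFactory<Signature>>();

    // Snapshot the server defaults before any of them is replaced.
    final var kex = sshd.getKeyExchangeFactories();
    final var mac = sshd.getMacFactories();
    final var cipher = sshd.getCipherFactories();
    final var signature = sshd.getSignatureFactories();

    // The three lists below are deny-lists: a default factory whose name
    // appears here is REMOVED. A name that matches nothing is ignored
    // silently, so a typo leaves the algorithm enabled.
    final List<String> kexV = Arrays.asList(
            "ecdh-sha2-nistp521",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp256",
            "diffie-hellman-group-exchange-sha256",
            "diffie-hellman-group14-sha256");
    // The posted literal read "hmac-sha1-...@openssh.com", apparently elided by
    // the list archive's address masking. As written it can match no MAC
    // factory, which would leave the SHA-1 encrypt-then-MAC variant enabled;
    // the full name is restored here.
    final List<String> macV = Arrays.asList(
            "hmac-sha1",
            "hmac-sha2-256",
            "hmac-sha2-512",
            "hmac-sha1-etm@openssh.com");
    final List<String> cipherV = Arrays.asList("aes128-cbc", "aes192-cbc", "aes256-cbc");

    final var kexNew = kex.stream()
            .filter(factory -> !kexV.contains(factory.getName()))
            .toList();
    final var macNew = mac.stream()
            .filter(factory -> !macV.contains(factory.getName()))
            .toList();
    final var cipherNew = cipher.stream()
            .filter(factory -> !cipherV.contains(factory.getName()))
            .toList();

    // Signature factories are copied unchanged unless the ME block is enabled.
    // NOTE(review): the log on this page shows the generated EC host key is
    // nistp521. Dropping ecdsa-sha2-nistp521 would then presumably leave no
    // signature algorithm that matches the only host key, which would explain
    // the failed connection. Confirm by checking the key type in hostkey3.pem.
    for (final NamedFactory<Signature> factory : signature) {
        // ME
        /*-
        final var factoryName = factory.getName();
        if ("ecdsa-sha2-nistp521".equals(factoryName)) {
            continue;
        }
        */
        signatureNew.add(factory);
    }
    System.out.println(signatureNew);

    sshd.setMacFactories(macNew);
    sshd.setKeyExchangeFactories(kexNew);
    sshd.setCipherFactories(cipherNew);
    sshd.setSignatureFactories(signatureNew);

    // The shell channel spawns /usr/bin/bash as a local process. With the
    // reject-all authenticator above no session reaches it; if authentication
    // is ever relaxed, this is a full shell on the host.
    sshd.setShellFactory(new ProcessShellFactory("/usr/bin/bash", "/usr/bin/bash"));

    sshd.start();
} catch (final IOException e) {
    // Kept as in the original reproduction: print the failure and carry on.
    e.printStackTrace();
}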