openjdk version "21" 2023-09-19
OpenJDK Runtime Environment (build 21+35)
OpenJDK 64-Bit Server VM (build 21+35, mixed mode, sharing)
<dependency>
    <groupId>org.apache.sshd</groupId>
    <artifactId>sshd-core</artifactId>
    <version>2.10.0</version>
</dependency>
<dependency>
    <groupId>io.netty</groupId>
    <artifactId>netty-all</artifactId>
    <version>4.1.100.Final</version>
</dependency>


I have 2 problems:
    1:
        Unless the host key algorithm ecdsa-sha2-nistp521 is enabled, connecting to the server does not work. See the content of signatureNew:
        signatureNew: [ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, sk-ecdsa-sha2-nistp256@openssh.com, rsa-sha2-512, rsa-sha2-256, ssh-rsa]
        To demonstrate, uncomment the block next to // ME in the code below.
    2:
    When replacing SimpleGeneratorHostKeyProvider with BouncyCastleGeneratorHostKeyProvider, a connection error occurs:
        ```
        [sshd-SshServer[78b101de](port=3000)-nio2-thread-3] INFO org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider - generateKeyPair(EC) generating host key=nistp521
        [sshd-SshServer[78b101de](port=3000)-nio2-thread-3] WARN org.apache.sshd.server.session.ServerSessionImpl - resolveAvailableSignaturesProposal(ServerSessionImpl[null@/127.0.0.1:43744]) failed (NoClassDefFoundError) to get key types: org/bouncycastle/openssl/jcajce/JcaPEMWriter
        [sshd-SshServer[78b101de](port=3000)-nio2-thread-3] WARN org.apache.sshd.server.session.ServerSessionImpl - exceptionCaught(ServerSessionImpl[null@/127.0.0.1:43744])[state=Opened] RuntimeSshException: null
        ```



code:

try {
    // Reproduction server: Apache MINA SSHD defaults, listening on port 3000.
    final var sshd = SshServer.setUpDefaultServer();
    sshd.setPort(3000);

    // The host key comes from a SimpleGeneratorHostKeyProvider backed by hostkey3.pem.
    // NOTE(review): the log quoted in this report shows the BouncyCastle variant generating an
    // EC nistp521 key; presumably this provider makes the same default choice - confirm.
    // NOTE(review): the NoClassDefFoundError for org/bouncycastle/openssl/jcajce/JcaPEMWriter
    // seen when swapping in BouncyCastleGeneratorHostKeyProvider suggests the BouncyCastle
    // PEM/PKIX jar (bcpkix) is not on the classpath; only sshd-core and netty-all are listed
    // as dependencies in this report - confirm.
    final var hostKeyFile = Paths.get("hostkey3.pem");
    final SimpleGeneratorHostKeyProvider hostKeyProvider = new SimpleGeneratorHostKeyProvider(hostKeyFile);
    sshd.setKeyPairProvider(hostKeyProvider);

    // Every password attempt is refused, and this snippet installs no other authenticator,
    // so the repro exercises the handshake only.
    sshd.setPasswordAuthenticator((username, password, session) -> false);

    final var signatureNew = new ArrayList<NamedFactory<Signature>>();

    // Snapshot the algorithm factories the default server was configured with.
    final var defaultKex = sshd.getKeyExchangeFactories();
    final var defaultMacs = sshd.getMacFactories();
    final var defaultCiphers = sshd.getCipherFactories();
    final var defaultSignatures = sshd.getSignatureFactories();

    // Denylists of algorithm names to strip from the defaults.
    // NOTE(review): a denylist leaves enabled anything a later library version adds to its
    // defaults; an explicit allowlist is the more predictable way to harden the proposal.
    final var deniedKex = Arrays.asList(
            "ecdh-sha2-nistp521",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp256",
            "diffie-hellman-group-exchange-sha256",
            "diffie-hellman-group14-sha256");
    // NOTE(review): the last MAC name looks truncated by the mail archive's address masking
    // (presumably hmac-sha1-etm@openssh.com). As written it can match no factory name, so
    // that MAC would stay enabled - confirm against the original code.
    final var deniedMacs = Arrays.asList(
            "hmac-sha1",
            "hmac-sha2-256",
            "hmac-sha2-512",
            "hmac-sha1-...@openssh.com");
    final var deniedCiphers = Arrays.asList("aes128-cbc", "aes192-cbc", "aes256-cbc");

    final var kexNew = defaultKex.stream()
            .filter(candidate -> !deniedKex.contains(candidate.getName()))
            .toList();
    final var macNew = defaultMacs.stream()
            .filter(candidate -> !deniedMacs.contains(candidate.getName()))
            .toList();
    final var cipherNew = defaultCiphers.stream()
            .filter(candidate -> !deniedCiphers.contains(candidate.getName()))
            .toList();

    // Signature factories are copied unchanged unless the block marked ME is uncommented.
    // NOTE(review): with that filter active, ecdsa-sha2-nistp521 is no longer offered. If the
    // generated host key is an EC nistp521 key, no remaining signature algorithm matches it,
    // which would explain the failed connection - confirm. The usual remedy is to pick a
    // different host-key algorithm or size on the provider (setAlgorithm / setKeySize).
    // NOTE(review): the list printed in this report still contains ssh-rsa (RSA with SHA-1);
    // a hardened setup would normally drop it along with the SHA-1 MACs above.
    for (final NamedFactory<Signature> candidate : defaultSignatures) {
        // ME
        /*-
        final var factoryName = candidate.getName();
        if ("ecdsa-sha2-nistp521".equals(factoryName)) {
            continue;
        }
        */

        signatureNew.add(candidate);
    }
    System.out.println(signatureNew);

    // Install the reduced algorithm sets.
    sshd.setMacFactories(macNew);
    sshd.setKeyExchangeFactories(kexNew);
    sshd.setCipherFactories(cipherNew);
    sshd.setSignatureFactories(signatureNew);

    // Shell sessions are handed to /usr/bin/bash.
    // NOTE(review): the spawned process presumably runs under the server JVM's OS account - verify.
    final ProcessShellFactory bashShell = new ProcessShellFactory("/usr/bin/bash", "/usr/bin/bash");
    sshd.setShellFactory(bashShell);

    sshd.start();
} catch (final IOException startFailure) {
    startFailure.printStackTrace();
}

