[
https://issues.apache.org/jira/browse/KARAF-1513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Forrest Xia updated KARAF-1513:
-------------------------------
Attachment: KARAF-1513.trunk.patch
Open keySize and algorithm settings, please review this patch and help commit
if agreed.
I tested it with IBM JDK 6 SR10 FP1, and it works for me.
This patch should be easily ported back to karaf 2.x.x releases.
> SSH keystore incompatible if generated with IBM JDK
> ---------------------------------------------------
>
> Key: KARAF-1513
> URL: https://issues.apache.org/jira/browse/KARAF-1513
> Project: Karaf
> Issue Type: Bug
> Components: karaf-shell
> Affects Versions: 2.2.6
> Environment: java version "1.6.0"
> Java(TM) SE Runtime Environment (build pxi3260sr10fp1-20120321_01(SR10 FP1))
> IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux x86-32
> jvmxi3260sr10fp1-20120202_101568 (JIT enabled, AOT enabled)
> J9VM - 20120202_101568
> JIT - r9_20111107_21307ifx1
> GC - 20120202_AA)
> JCL - 20120320_01
> Reporter: Zsolt Beothy-Elo
> Priority: Minor
> Attachments: KARAF-1513.trunk.patch
>
>
> After starting the container with karaf script, the consquent attempt to
> connect to the instance with the client script fails:
> /opt/TESB-QA-Workspace/container/bin# ./client -a 8101
> 950 [NioProcessor-2] WARN org.apache.sshd.client.session.ClientSessionImpl -
> Exception caught
> org.apache.sshd.common.SshException: KeyExchange signature verification failed
> at
> org.apache.sshd.client.kex.AbstractDHGClient.next(AbstractDHGClient.java:121)
> at
> org.apache.sshd.client.session.ClientSessionImpl.doHandleMessage(ClientSessionImpl.java:243)
> at
> org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:198)
> at
> org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:522)
> at
> org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:225)
> ...
> The following stuff is observed in the karaf log:
> 23:53:42,043 | INFO | NioProcessor-2 | shd.server.session.ServerSession 87 |
> 22 - sshd-core - 0.5.0 | Session created...
> 23:53:42,052 | INFO | NioProcessor-2 | AbstractGeneratorHostKeyProvider 149 |
> 22 - sshd-core - 0.5.0 | Generating host key...
> 23:53:42,124 | INFO | NioProcessor-2 | shd.server.session.ServerSession 307 |
> 22 - sshd-core - 0.5.0 | Client version string: SSH-2.0-SSHD-CORE-0.5.0
> 23:53:42,125 | INFO | NioProcessor-2 | shd.server.session.ServerSession 149 |
> 22 - sshd-core - 0.5.0 | Received SSH_MSG_KEXINIT
> 23:53:42,203 | INFO | NioProcessor-2 | shd.server.kex.AbstractDHGServer 84 |
> 22 - sshd-core - 0.5.0 | Received SSH_MSG_KEXDH_INIT
> 23:53:42,246 | INFO | NioProcessor-2 | shd.server.kex.AbstractDHGServer 125 |
> 22 - sshd-core - 0.5.0 | Send SSH_MSG_KEXDH_REPLY
> 23:53:42,246 | INFO | NioProcessor-2 | d.common.session.AbstractSession 691 |
> 22 - sshd-core - 0.5.0 | Send SSH_MSG_NEWKEYS
> 23:53:42,283 | INFO | NioProcessor-2 | shd.server.session.ServerSession 124 |
> 22 - sshd-core - 0.5.0 | Received SSH_MSG_DISCONNECT (reason=3,
> msg=KeyExchange signature verification failed)
> 23:53:42,284 | INFO | NioProcessor-2 | d.common.session.AbstractSession 287 |
> 22 - sshd-core - 0.5.0 | Closing session
> After a certain investigation, the conclusion is made that the issue is
> connected to the <container>/etc/host.key file, which seems to be generated
> different under IBM JVM comparing to the one received on Sun Java VM:
> ls -al host*
> rw-rr- 1 root root 1202 2012-04-25 13:03 host.key.sunjvm
> rw-rr- 1 root root 2581 2012-04-25 12:35 host.key
> #
> (see the difference in size, at least)
> If I replace it with a copy of host.key file taken from a different container
> working under Sun JVM, everything works just fine.
> The issue reproduces both, with client script running locally and with a
> remote one running on Sun Java VM 1.6.0_30.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
