Hi John,

I'm not sure if Java installation include "unlimited strength encryption
policy" or not, how ever it is installed on a mount point and the same
binaries works on one Solaris 10 box and does not work on another. - Now
that I think about it maybe they are using different shared libraries (will
check ldd on Monday)...

I thought it's a network issue, but it works on Java 1.4.
I thought it's an encoding issue, but both are using the same character
encoding (ISO8859-1).

Thanks,
-Ofir

On Sat, Feb 13, 2010 at 1:42 AM, John <j...@chaosfree.com> wrote:

>  Does your java installation of 5 and 6 include the relevant unlimited
> strength encryption policy option? It’s easy to forget and you have to
> install it each time you do an install.
>
>
>
> *From:* Ofir Oren [mailto:ofiro...@gmail.com]
> *Sent:* Saturday, 13 February 2010 12:13 PM
> *To:* jsch-users@lists.sourceforge.net
> *Subject:* [JSch-users] Auth Failed on some Solaris10 depends on Java
> version
>
>
>
> Hi,
>
> I have a weird issue with JSCH and some Solaris 10.
>
> I have the below code fragment to connect to Akamai via socks proxy, using
> JRE 1.4 it works on all test machines.
> But when I'm using JRE 5 or JRE 6 I works from some solaris 10 machines and
> does not work for others.
> The session.connect() method throws "Auth Failed"
>
> JSch.setLogger(new Logger(){
>      public boolean isEnabled(int level){
>           return true;
>      }
>      public void log(int level, String message){
> // only in JRE 6
> //                    StackTraceElement caller =
> Thread.currentThread().getStackTrace()[2];
> //                    System.err.print(caller.getFileName() + ":" +
> caller.getClassName()
> //                            + ":" + caller.getMethodName() + ":" +
> caller.getLineNumber()+": ");
>            System.err.println(message);
>        }
> });
> JSch jsch = new JSch();
> jsch.addIdentity(path2PvtKey);
> Session session = jsch.getSession(AKAMAI_USERID, AKAMAI_SERVER, 22);
> java.util.Properties config = new java.util.Properties();
> config.put("StrictHostKeyChecking", "no");
> session.setUserInfo(this);
> session.setConfig(config);
> ProxySOCKS5 ps = new ProxySOCKS5(SOCKS_PROXY_IP, SOCKS_PROXY_PORT);
> ps.setUserPasswd(SOCKS_PROXY_USERID, SOCKS_PROXY_PWD);
> session.setProxy(ps);
> session.connect();
>
>
> Here is the logging output of the bad machine:
>
> Default locale: en_US
> Default encoding: ISO8859-1
> Connecting to XXXX.upload.akamai.com port 22
> Connection established
> Remote version string: SSH-1.99-Server-VII
> Local version string: SSH-2.0-JSCH-0.1.42
> CheckCiphers:
> aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
> aes256-ctr is not available.
> aes192-ctr is not available.
> aes256-cbc is not available.
> aes192-cbc is not available.
> arcfour256 is not available.
> in_kex=true 20
> command: 20
> encode: 20
>         341
> IO> 352
> SSH_MSG_KEXINIT sent
> SSH_MSG_KEXINIT received
> kex: server->client aes128-ctr hmac-md5 none
> kex: client->server aes128-ctr hmac-md5 none
> in_kex=true 30
> command: 30
> encode: 30
>         138
> IO> 152
> SSH_MSG_KEXDH_INIT sent
> expecting SSH_MSG_KEXDH_REPLY
> ssh_dss_verify: signature true
> Permanently added 'XXXX.upload.akamai.com' (DSA) to the list of known
> hosts.
> in_kex=true 21
> command: 21
> encode: 21
>         6
> IO> 16
> SSH_MSG_NEWKEYS sent
> SSH_MSG_NEWKEYS received
> in_kex=false 5
> encode: 5
>         22
> IO> 64
> SSH_MSG_SERVICE_REQUEST sent
> SSH_MSG_SERVICE_ACCEPT received
> in_kex=false 50
> encode: 50
>         42
> IO> 80
> Authentications that can continue: publickey,keyboard-interactive,password
> Next authentication method: publickey
> UserAuthPublicKey: com.jcraft.jsch.identityf...@1fddc31 null
> UserAuthPublicKey: identity.isEncrypted()=true
> UserAuthPublicKey: identity.isEncrypted()=false
> UserAuthPublicKey: pubkeyblob...@1d225a7
> Signature: SHA1withRSA from SunPKCS11-Solaris version 1.6
> keyFactory: RSA from SunPKCS11-Solaris version 1.6
> in_kex=false 50
> encode: 50
>         359
> IO> 400
> publickey partial_success:false
> in_kex=false 1
> encode: 1
>         60
> IO> 96
> Disconnecting from gehealthcare.upload.akamai.com port 22
> com.jcraft.jsch.JSchException: Auth fail
>
>
> Here is the log from the good machine:
>
> Default locale: en_US
> Default encoding: ISO8859-1
> Connecting to XXXX.upload.akamai.com port 22
> Connection established
> Remote version string: SSH-1.99-Server-VII
> Local version string: SSH-2.0-JSCH-0.1.42
> CheckCiphers:
> aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
> aes256-ctr is not available.
> aes192-ctr is not available.
> aes256-cbc is not available.
> aes192-cbc is not available.
> arcfour256 is not available.
> in_kex=true 20
> command: 20
> encode: 20
>         341
> IO> 352
> SSH_MSG_KEXINIT sent
> SSH_MSG_KEXINIT received
> kex: server->client aes128-ctr hmac-md5 none
> kex: client->server aes128-ctr hmac-md5 none
> in_kex=true 30
> command: 30
> encode: 30
>         138
> IO> 152
> SSH_MSG_KEXDH_INIT sent
> expecting SSH_MSG_KEXDH_REPLY
> ssh_dss_verify: signature true
> Permanently added 'XXXX.upload.akamai.com' (DSA) to the list of known
> hosts.
> in_kex=true 21
> command: 21
> encode: 21
>         6
> IO> 16
> SSH_MSG_NEWKEYS sent
> SSH_MSG_NEWKEYS received
> in_kex=false 5
> encode: 5
>         22
> IO> 64
> SSH_MSG_SERVICE_REQUEST sent
> SSH_MSG_SERVICE_ACCEPT received
> in_kex=false 50
> encode: 50
>         42
> IO> 80
> Authentications that can continue: publickey,keyboard-interactive,password
> Next authentication method: publickey
> UserAuthPublicKey: com.jcraft.jsch.identityf...@290fbc null
> UserAuthPublicKey: identity.isEncrypted()=true
> UserAuthPublicKey: identity.isEncrypted()=false
> UserAuthPublicKey: pubkeyblob...@1833eca
> Signature: SHA1withRSA from SunPKCS11-Solaris version 1.6
> keyFactory: RSA from SunPKCS11-Solaris version 1.6
> in_kex=false 50
> encode: 50
>         359
> IO> 400
> Authentication succeeded (publickey).
>
> Any thoughts about how I can troubleshoot this?
>
> Thanks,
> -Ofir
>
>
>  ------------------------------
>
> This email has been scanned by Netintelligence
> http://www.netintelligence.com/email
>  ------------------------------
>
------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users

Reply via email to