Hi,

I was wondering if anyone had any experience using Jsch in an environment
that's also using the JsafeJCEFIPS library from RSA?  We're currently using
Jsch-0.1.44 to automate some SSH connections to Linux and Solaris boxes.
When the JsafeJCEFIPS library is set as the #1 security provider though,
some of the ciphers stop working.  At first I thought it was a FIPS/non-FIPS
thing but then I realized that the ciphers that are failing seem to be FIPS
supported by JsafeJCEFIPS and that some ciphers that are not FIPS supported
actually work.

We're currently using Jsch version 0.1.44 in conjunction with Crypto-J_4.0
and JRE 1.6u30.

I've attached a sample program based off of the Shell.java example that's
shipped with Jsch.  The program takes 5 arguments, [host, user, password,
cipher_list, enableJsafe] and can be executed like so:

java -classpath jsafeJCEFIPS-4.0.jar:jsch-20120214.jar:. SSHTest host user password aes128-ctr,aes192-ctr,aes256-ctr true

If I use a cipher list of "aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc" it
will connect just fine to my targets regardless of whether or not I've
enabled Jsafe.
If I use a cipher list of "arcfour128,arcfour256,arcfour" it will also
connect just fine regardless of whether or not I've enabled Jsafe.

If I use a cipher list of "aes128-ctr,aes192-ctr,aes256-ctr" though, it
will only succeed if Jsafe is disabled.
When I enable Jsafe it fails with the error:
com.jcraft.jsch.JSchException: Packet corrupt

If I slightly modify the Logger.java example to generate this error, I get
the following log:
######################
INFO: Connecting to host port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_5.8
INFO: Local version string: SSH-2.0-JSCH-0.1.44
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added 'host' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: Disconnecting from host port 22
com.jcraft.jsch.JSchException: Packet corrupt
######################

I've tried upgrading to 0.1.46 but that didn't resolve it.  I'm also trying
to upgrade Jsafe to Crypto-J_5.0 but that's going to take a little time.

On the chance that somebody here does have experience with this, I thought
I'd try this mailing list as well.

Thanks.

Sean

import java.util.Hashtable;

import com.jcraft.jsch.*;
import com.rsa.jsafe.provider.JsafeJCE;

public class SSHTest
{
    public static void main(String[] args)
    {
        JSch jsch = new JSch();
        if (args.length != 5) {
            System.err.println("Usage: SSHTest <host> <user> <passwd> <ciphers> <enable_jsafe>");
            System.exit(1);
        }
        String host = args[0];
        String user = args[1];
        String passwd = args[2];
        String ciphers = args[3];
        boolean enableJsafe = Boolean.valueOf(args[4]);
        if (enableJsafe) {
            final int updatedProviderPosition = java.security.Security.insertProviderAt(new JsafeJCE(), 1);
            if (updatedProviderPosition != 1) {
                System.out.println("Failed to set JsafeJCE!");
                System.exit(1);
            }
        }
        try {
            Session session = jsch.getSession(user, host, 22);
            session.setUserInfo(new MyUserInfo(passwd));
            Hashtable<String, String> config = new Hashtable<String, String>();
            config.put("cipher.s2c", ciphers);
            config.put("cipher.c2s", ciphers);
            config.put("PreferredAuthentications", "password");
            session.setConfig(config);
            session.connect();
            Channel channel=session.openChannel("shell");
            channel.setInputStream(System.in);
            channel.setOutputStream(System.out);
            channel.connect();
        } catch (Exception ex) {
            System.out.println(ex);
        }
        
    }

    private static class MyUserInfo implements UserInfo
    {
        private String passwd;
        public MyUserInfo(String _passwd) { passwd = _passwd; }
        public String getPassphrase() { return null; }
        public String getPassword() { return passwd; }
        public boolean promptPassphrase(String arg0) { return false; }
        public boolean promptPassword(String arg0) { return true; }
        public boolean promptYesNo(String arg0) { return true; }
        public void showMessage(String arg0) { }
    }
}
_______________________________________________
JSch-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jsch-users
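
An added diagnostic, not part of the post above or of the JSch code base: the log shows key exchange completing and the failure arriving only once aes128-ctr is in use, so one thing worth checking is whether every registered provider's AES/CTR/NoPadding yields the same bytes when driven block by block through update() as it does in one doFinal() call. The class name, key, counter block and data are constructed for the test, and that the provider's CTR handling is the cause is an assumption to be tested, not something the post establishes.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CtrProviderCheck {
    static final String ALG = "AES/CTR/NoPadding";

    static Cipher init(Provider p, byte[] key, byte[] iv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(ALG, p);
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c;
    }

    // Encrypt block by block with update() into a caller-supplied buffer and never
    // call doFinal(), the way a long-lived stream cipher is driven. Returns null if
    // any update() emits fewer bytes than it was given (provider held output back).
    static byte[] chunked(Provider p, byte[] key, byte[] iv, byte[] data) throws GeneralSecurityException {
        Cipher c = init(p, key, iv);
        byte[] out = new byte[data.length];
        for (int off = 0; off < data.length; off += 16) {
            if (c.update(data, off, 16, out, off) != 16) return null;
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed test input: fixed key, initial counter block, 64 bytes of data.
        byte[] key = new byte[16], iv = new byte[16], data = new byte[64];
        for (int i = 0; i < 16; i++) { key[i] = (byte) i; iv[i] = (byte) (0xf0 + i); }
        for (int i = 0; i < data.length; i++) data[i] = (byte) (i * 7);

        byte[] reference = null; // one-shot output of the first provider that has ALG
        for (Provider p : Security.getProviders()) {
            try {
                byte[] whole = init(p, key, iv).doFinal(data);
                if (reference == null) reference = whole;
                byte[] parts = chunked(p, key, iv, data);
                System.out.printf("%-12s one-shot=%s chunked=%s%n", p.getName(),
                    Arrays.equals(whole, reference) ? "match" : "DIFFERS",
                    parts == null ? "BUFFERED" : Arrays.equals(parts, reference) ? "match" : "DIFFERS");
            } catch (GeneralSecurityException e) {
                System.out.printf("%-12s skipped (%s)%n", p.getName(), e.getClass().getSimpleName());
            }
        }
    }
}
```

Only providers already registered in the JVM are checked, so the provider under suspicion has to be added first, for example through java.security or with insertProviderAt as in the test program above.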