So, seeing as how I had to set up xwindows to run the ChangePassphrase class
anwyay, I installed eclipse and ran it under the debugger with attached source.
I also added a logger into the mix. Lastly I monitored the security log of the
target server.
What I found
From the target server:
Received disconnect from 172.16.38.113: 3:
com.jcraft.jsch.JSchException: Auth cancel
From the logger:
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: Connecting to 172.16.38.63 port 22
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: Connection established
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: Remote version string: SSH-2.0-OpenSSH_5.3
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: Local version string: SSH-2.0-JSCH-0.1.48
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: CheckCiphers:
aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: aes256-ctr is not available.
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: aes192-ctr is not available.
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: aes256-cbc is not available.
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: aes192-cbc is not available.
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: arcfour is not available.
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: arcfour128 is not available.
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: arcfour256 is not available.
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: CheckKexes: diffie-hellman-group14-sha1
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: diffie-hellman-group14-sha1 is not available.
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: SSH_MSG_KEXINIT sent
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: SSH_MSG_KEXINIT received
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: server:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: server: ssh-rsa,ssh-dss
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: server:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: server:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: server:
hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: server:
hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: server: none,z...@openssh.com
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: server: none,z...@openssh.com
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: server:
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: server:
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: client: ssh-rsa,ssh-dss
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: client: none
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: client: none
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: client:
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: client:
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: server->client aes128-ctr hmac-md5 none
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: kex: client->server aes128-ctr hmac-md5 none
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: SSH_MSG_KEXDH_INIT sent
14-May-2012 9:31:51 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: expecting SSH_MSG_KEXDH_REPLY
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: ssh_rsa_verify: signature true
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
WARNING: Permanently added '172.16.38.63' (RSA) to the list of known hosts.
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: SSH_MSG_NEWKEYS sent
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: SSH_MSG_NEWKEYS received
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: SSH_MSG_SERVICE_REQUEST sent
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: SSH_MSG_SERVICE_ACCEPT received
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: Authentications that can continue:
gssapi-with-mic,publickey,keyboard-interactive,password
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: Next authentication method: gssapi-with-mic
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: Authentications that can continue: publickey,keyboard-interactive,password
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: Next authentication method: publickey
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: Authentications that can continue: password
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: Next authentication method: password
14-May-2012 9:31:52 AM com.dundeewealth.AutoXfr.JSchCommonsLogger log
INFO: Disconnecting from 172.16.38.63 port 22
So looking at the code it looks like UserAuthPublickKey.start method is
failing, and since there is no password, which is the next fallthrough, it
issues a disconnect.
Now, I was able to use the eclipse debugger to track down where it errored out
in the code.
It is dying around line 183 of the UserAuthPublicKey class in the start method.
The code that throws the error is at lines 183 - 185 in this class (highlighted
in red)
byte[] sid=session.getSessionId();
int sidlen=sid.length;
byte[] tmp=new byte[4+sidlen+buf.index-5];
tmp[0]=(byte)(sidlen>>>24);
tmp[1]=(byte)(sidlen>>>16);
tmp[2]=(byte)(sidlen>>>8);
tmp[3]=(byte)(sidlen);
System.arraycopy(sid, 0, tmp, 4, sidlen);
System.arraycopy(buf.buffer, 5, tmp, 4+sidlen, buf.index-5);
byte[] signature=identity.getSignature(tmp);
if(signature==null){ // for example, too long key length.
break;
}
The target server registers no complaints, however the signature is set to null
for the bad key, not null for the good key.
I see the comment here about the key length being to long. Is it possible that
JSch supprts a shorter key than native Linux Open SSH? I am not sure what the
implications of this are, but hopefully someone knows what the implications of
a null signature are.
I will keep digging of course
Regards
John Elliott
jelli...@dundeewealth.com
Phone: 416-365-5477
Dundee Wealth Inc
1 Adelaide ST EAST, 8th floor, TORONTO ONT M5C 2V9
-----Original Message-----
From: John Elliott (IT) [mailto:jelli...@dundeewealth.com]
Sent: Thursday, May 10, 2012 9:56 AM
To: Atsuhiko Yamanaka
Cc: jsch-users@lists.sourceforge.net
Subject: Re: [JSch-users] strange Auth cancel error
Yes, I was able to run that program over the problem key
I did get a message saying the key is not encrypted, but that's the same for
the key that works too.
Regards
John Elliott
jelli...@dundeewealth.com <mailto:jelli...@dundeewealth.com>
Phone: 416-365-5477
Dundee Wealth Inc
1 Adelaide ST EAST, 8th floor, TORONTO ONT M5C 2V9
-----Original Message-----
From: Atsuhiko Yamanaka [mailto:y...@jcraft.com <mailto:y...@jcraft.com> ]
Sent: Thursday, May 10, 2012 3:21 AM
To: John Elliott (IT)
Cc: jsch-users@lists.sourceforge.net <mailto:jsch-users@lists.sourceforge.net>
Subject: Re: [JSch-users] strange Auth cancel error
Hi,
+-From: "John Elliott (IT)" <jelli...@dundeewealth.com
<mailto:jelli...@dundeewealth.com> > --
|_Date: Wed, 9 May 2012 12:28:57 -0400 ___________________
|
|When we try to use the key pairs with JsCh, the key pair generated
|by me works fine, but the key pair generated by another person
|does not, and results in an "Auth Cancel" message in the
|exception. Both were generated using Solaris native ssh-keygen
|comand (the other person claims this, I could not see it done).
Can the following sample program handle that private key?
http://www.jcraft.com/jsch/examples/ChangePassphrase.java.html
<http://www.jcraft.com/jsch/examples/ChangePassphrase.java.html>
Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
Skype callto://jcraft/ <callto://jcraft/>
Twitter: http://twitter.com/ymnk <http://twitter.com/ymnk>
Facebook: http://facebook.com/aymnk <http://facebook.com/aymnk>
PLEASE BE ADVISED THAT TRADING INSTRUCTIONS SHOULD NOT BE COMMUNICATED VIA
E-MAIL, AND IF RECEIVED WILL NOT BE ACTED UPON.
Without the use of secure encryption, the Internet is not a secure medium and
privacy cannot be ensured. Internet e-mail is vulnerable to interception and
forging. DundeeWealth Inc. cannot ensure the privacy and authenticity of any
information, and will not accept any instructions, that you send to us over the
Internet. DundeeWealth Inc. will not be responsible for any damages you may
incur if you communicate confidential information to us over the Internet or if
we communicate such information to you at your request.
VEUILLEZ NOTER QUE LES INSTRUCTIONS RELATIVES AUX OPÉRATIONS NE DOIVENT PAS
ÊTRE ENVOYÉES PAR COURRIEL, CAR ELLES NE SERONT PAS EXÉCUTÉES.
Sans chiffrement sécurisé, Internet n'est pas un mode de communication sûr et
il est impossible d'assurer la confidentialité des transmissions. Les courriels
envoyés par Internet peuvent être interceptés et contrefaits. Gestion de
patrimoine Dundee ne peut assurer la confidentialité ni l'authenticité de
l'information et n'acceptera aucune instruction qui lui sera envoyée par
Internet. Gestion de patrimoine Dundee ne pourra être tenue responsable des
dommages subis si vous lui transmettez des renseignements confidentiels par
Internet ou si elle vous communique des renseignements par cette voie sur
demande de votre part.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users
