[
https://issues.apache.org/jira/browse/SSHD-852?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16654040#comment-16654040
]
Goldstein Lyor edited comment on SSHD-852 at 10/18/18 10:28 AM:
----------------------------------------------------------------
Thanks for the contribution - created
[https://github.com/apache/mina-sshd/pull/71] I will review it and merge it in
if no problems come up. Can you provide some link to the documentation that
explains how known host hashes should be calculated for standard and
non-standard ports ? I would be especially interested also in how to hash IPv6
addresses (though not an issue at the moment).
was (Author: lgoldstein):
Thanks for the contribution - created
[https://github.com/apache/mina-sshd/pull/71.] I will review it and merge it in
if no problems come up. Can you provide some link to the documentation that
explains how known host hashes should be calculated for standard and
non-standard ports ? I would be especially interested also in how to hash IPv6
addresses (though not an issue at the moment).
> Verification fails for hashed known host entry on non standard port generated
> by OpenSSH client
> -----------------------------------------------------------------------------------------------
>
> Key: SSHD-852
> URL: https://issues.apache.org/jira/browse/SSHD-852
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.1.1
> Environment: Linux Mint 19
> Reporter: Stefan Verhoeven
> Priority: Minor
> Attachments: ConnectToNonDefaultPortTest.java
>
>
> The Apache SshClient is unable to verify a known host entry that was made by
> the OpenSSH client when the entry is on a port other than 22.
>
> I get the following exception
> {code:java}
> org.apache.sshd.common.SshException: Server key did not validate
> at
> org.apache.sshd.client.session.AbstractClientSession.checkKeys(AbstractClientSession.java:440)
> ...{code}
>
> The OpenSSH client will create a hash for `[host]:port` while Apache
> SshClient will check hashed entries for `host` (see
> https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130[).|https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130.]
> This difference will cause the correct known host entry to be marked as not
> a match which in turn causes the exception.
>
> The error can be reproduced by setting up the a SSH server
> {code:java}
> rm ~/.ssh/known_hosts
> docker run -d -p 2222:22 nlesc/xenon-ssh
> # Prime known hosts with hash entry, password=javagat
> ssh xenon@localhost -p 10022 hostname
> {code}
> and then running the attached test.
>
> I created a fix and tests at
> https://github.com/apache/mina-sshd/compare/master...NLeSC:hashed-known-host-port
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
