All,

Please help!  I am very stuck and very green at working with authenticating 
using key files.  (These key files work with JSCH, but I have not been able to 
get them to work with MINA.)

Current status:  I have upgraded my server to Oracle Linux 7 and my server side 
error has gone away.  However the client authentication using the keys 
continues to fail.  Here are the log messages from the client code I provided 
in my prior email.  Please note: I do not understand why my key pair fails to 
authenticate.  Maybe someone could read these log messages and tell me my 
error.  ...thanks!

14:10:14.382 [main] INFO  sl4000.SshdSftpIssue - MPW-SshdSftpIssue constructor: 
Just created the logback logger.
14:10:14.524 [main] DEBUG o.a.s.c.util.security.SecurityUtils - register(BC) 
not registered - enabled=true, supported=false
14:10:14.548 [main] INFO  o.a.s.c.u.s.e.EdDSASecurityProviderRegistrar - 
getOrCreateProvider(EdDSA) created instance of 
net.i2p.crypto.eddsa.EdDSASecurityProvider
14:10:14.602 [main] INFO  o.a.s.c.i.DefaultIoServiceFactoryFactory - No 
detected/configured IoServiceFactoryFactory using Nio2ServiceFactoryFactory
14:10:14.612 [main] DEBUG o.a.s.c.c.h.DefaultConfigFileHostEntryResolver - 
resolveEffectiveHost(sdp2admin@10.80.26.185:22/null) => null
14:10:14.612 [main] DEBUG org.apache.sshd.client.SshClient - 
connect(sdp2admin@10.80.26.185:22) no overrides
14:10:14.616 [main] DEBUG o.a.s.common.io.nio2.Nio2Connector - Connecting to 
/10.80.26.185:22
14:10:14.618 [main] DEBUG o.a.s.common.io.nio2.Nio2Connector - 
setOption(SO_REUSEADDR)[true] from property=Property[socket-reuseaddr](Boolean]
14:10:14.623 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.sshd.common.io.nio2.Nio2Session - Creating IoSession on /10.80.102.25:44011 
from /10.80.26.185:22 via null
14:10:14.634 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.session.ClientSessionImpl - Client session created: 
Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]
14:10:14.635 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.s.ClientUserAuthService - 
ClientUserAuthService(ClientSessionImpl[null@/10.80.26.185:22]) client methods: 
[publickey, keyboard-interactive, password]
14:10:14.638 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.s.h.SessionTimeoutListener - 
sessionCreated(ClientSessionImpl[null@/10.80.26.185:22]) tracking
14:10:14.639 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
initializeProxyConnector(ClientSessionImpl[null@/10.80.26.185:22]) no proxy to 
initialize
14:10:14.640 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
sendIdentification(ClientSessionImpl[null@/10.80.26.185:22]): 
SSH-2.0-APACHE-SSHD-2.6.0-SL4000
14:10:14.640 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.sshd.common.io.nio2.Nio2Session - 
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) 
writing 34 bytes
14:10:14.643 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
sendKexInit(ClientSessionImpl[null@/10.80.26.185:22]) Send SSH_MSG_KEXINIT
14:10:14.648 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
encode(ClientSessionImpl[null@/10.80.26.185:22]) packet #0 sending 
command=20[SSH_MSG_KEXINIT] len=1227
14:10:14.649 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.sshd.common.io.nio2.Nio2Session - 
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) 
writing 1240 bytes
14:10:14.649 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
org.apache.sshd.client.SshClient - 
setupDefaultSessionIdentities(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) 
key identity provider override in session listener
14:10:14.650 [main] DEBUG o.a.s.c.future.DefaultConnectFuture - Connected to 
/10.80.26.185:22 after 30795301 nanos
14:10:14.650 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
doReadIdentification(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) 
line='SSH-2.0-OpenSSH_7.4'
14:10:14.650 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
readIdentification(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Server 
version string: SSH-2.0-OpenSSH_7.4
14:10:14.650 [main] DEBUG o.a.s.c.s.ClientUserAuthService - 
auth(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection] send 
SSH_MSG_USERAUTH_REQUEST for 'none'
14:10:14.651 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
handleKexInit(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) SSH_MSG_KEXINIT
14:10:14.651 [main] DEBUG o.a.s.c.session.ClientSessionImpl - 
enqueuePendingPacket(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[SSH_MSG_USERAUTH_REQUEST]
 Start flagging packets as pending until key exchange is done
14:10:14.655 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
setNegotiationResult(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Kex: 
server->client aes128-ctr hmac-sha2-256-...@openssh.com none
14:10:14.655 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
setNegotiationResult(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Kex: 
client->server aes128-ctr hmac-sha2-256-...@openssh.com none
14:10:14.715 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
org.apache.sshd.client.kex.DHGClient - 
init(DHGClient[ecdh-sha2-nistp521])[ClientSessionImpl[sdp2admin@/10.80.26.185:22]]
 Send SSH_MSG_KEXDH_INIT
14:10:14.716 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #1 sending 
command=30[30] len=138
14:10:14.716 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG 
o.a.sshd.common.io.nio2.Nio2Session - 
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) 
writing 152 bytes
14:10:14.726 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
org.apache.sshd.client.kex.DHGClient - 
next(DHGClient[ecdh-sha2-nistp521])[ClientSessionImpl[sdp2admin@/10.80.26.185:22]]
 process command=SSH_MSG_KEXDH_REPLY
14:10:14.747 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
setServerKey(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) 
keyType=ecdsa-sha2-nistp256, 
digest=SHA256:vQyHhBQynXUOL1fUt8yWZ34ZH0zUGD7HHsrLcAavTQc
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
handleKexMessage(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ecdh-sha2-nistp521]
 KEX processing complete after cmd=31
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] WARN  
o.a.s.c.k.AcceptAllServerKeyVerifier - Server at /10.80.26.185:22 presented 
unverified EC key: SHA256:vQyHhBQynXUOL1fUt8yWZ34ZH0zUGD7HHsrLcAavTQc
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
checkKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) 
key=ecdsa-sha2-nistp256-SHA256:vQyHhBQynXUOL1fUt8yWZ34ZH0zUGD7HHsrLcAavTQc, 
verified=true
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
sendNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Send SSH_MSG_NEWKEYS
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #2 sending 
command=21[SSH_MSG_NEWKEYS] len=1
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.sshd.common.io.nio2.Nio2Session - 
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) 
writing 16 bytes
14:10:14.749 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
handleNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) SSH_MSG_NEWKEYS 
command=SSH_MSG_NEWKEYS
14:10:14.749 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
receiveNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) session 
ID=ef:17:de:b6:ee:bd:50:c4:25:ba:6d:22:8c:4e:07:98:6d:d4:7b:ca:44:59:db:19:a5:d5:95:5a:fe:a5:f1:61:dc:80:c8:87:cc:63:83:40:a6:88:f1:f7:9c:1f:f5:6a:6c:54:f6:af:00:c5:d1:3b:4c:0d:b2:fd:1a:64:a8:56
14:10:14.784 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
receiveNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) 
inCipher=BaseCipher[AES, ivSize=16, kdfSize=16,AES/CTR/NoPadding, blkSize=16], 
outCipher=BaseCipher[AES, ivSize=16, kdfSize=16,AES/CTR/NoPadding, blkSize=16], 
recommended blocks limit=4294967296, actual=4294967296
14:10:14.785 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
sendInitialServiceRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Send 
SSH_MSG_SERVICE_REQUEST for ssh-userauth
14:10:14.785 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #3 sending 
command=5[SSH_MSG_SERVICE_REQUEST] len=17
14:10:14.785 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.sshd.common.io.nio2.Nio2Session - 
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) 
writing 84 bytes
14:10:14.786 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #4 sending 
command=50[SSH_MSG_USERAUTH_REQUEST] len=40
14:10:14.786 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.sshd.common.io.nio2.Nio2Session - 
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) 
writing 100 bytes
14:10:14.786 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
handleNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) sent 1 pending 
packets
14:10:14.790 [sshd-SshClient[52525845]-nio2-thread-3] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
handleServiceAccept(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) 
SSH_MSG_SERVICE_ACCEPT service=ssh-userauth
14:10:14.844 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG 
o.a.s.c.s.ClientUserAuthService - 
processUserAuth(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Received 
SSH_MSG_USERAUTH_FAILURE - partial=false, 
methods=publickey,gssapi-keyex,gssapi-with-mic,password
14:10:14.845 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG 
o.a.s.c.s.ClientUserAuthService - 
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) starting authentication 
mechanisms: client=[publickey, keyboard-interactive, password], 
server=[publickey, gssapi-keyex, gssapi-with-mic, password]
14:10:14.846 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG 
o.a.s.c.s.ClientUserAuthService - 
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) attempting 
method=publickey
14:10:14.861 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG 
o.a.s.c.c.k.l.o.OpenSSHKeyPairResourceParser - 
extractKeyPairs(/u01/home/acs_oracle/.ssh/id_rsa) decode 1 keys using 
context=OpenSSHParserContext[cipher=none, kdfOptions=none: options=]
14:10:14.864 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG 
o.a.s.c.a.pubkey.UserAuthPublicKey - 
sendAuthDataRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
 send SSH_MSG_USERAUTH_REQUEST request publickey type=rsa-sha2-512 - 
fingerprint=SHA256:M2rYBEGdWs38yXmFDoFhGvaomhOCqiQv3Ktf+7Kjw+4
14:10:14.864 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG 
o.a.s.c.session.ClientSessionImpl - 
encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #5 sending 
command=50[SSH_MSG_USERAUTH_REQUEST] len=601
14:10:14.865 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG 
o.a.sshd.common.io.nio2.Nio2Session - 
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) 
writing 660 bytes
14:10:14.865 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG 
o.a.s.c.s.ClientUserAuthService - 
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) successfully processed 
initial buffer by method=publickey
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.s.ClientUserAuthService - 
processUserAuth(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Received 
SSH_MSG_USERAUTH_FAILURE - partial=false, 
methods=publickey,gssapi-keyex,gssapi-with-mic,password
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.c.k.DefaultClientIdentitiesWatcher - 
loadKeys(/u01/home/acs_oracle/.ssh/id_dsa) no key loaded
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.c.k.DefaultClientIdentitiesWatcher - 
loadKeys(/u01/home/acs_oracle/.ssh/id_ecdsa) no key loaded
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.c.k.DefaultClientIdentitiesWatcher - 
loadKeys(/u01/home/acs_oracle/.ssh/id_ed25519) no key loaded
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.a.pubkey.UserAuthPublicKey - 
sendAuthDataRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
 no more keys to send
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.s.ClientUserAuthService - 
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) no initial request sent 
by method=publickey
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.a.pubkey.UserAuthPublicKey - 
destroy(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
14:10:14.869 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.s.ClientUserAuthService - 
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) attempting 
method=password
14:10:14.870 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.a.password.UserAuthPassword - 
sendAuthDataRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
 no more passwords to send
14:10:14.871 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.s.ClientUserAuthService - 
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) no initial request sent 
by method=password
14:10:14.871 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.a.password.UserAuthPassword - 
destroy(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
14:10:14.872 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG 
o.a.s.c.s.ClientUserAuthService - 
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) exhausted all methods - 
client=[publickey, keyboard-interactive, password], server=[publickey, 
gssapi-keyex, gssapi-with-mic, password]
org.apache.sshd.common.SshException: No more authentication methods available
                at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:126)
                at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:39)
                at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:32)
                at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:56)
                at sl4000.SshdSftpIssue.open(SshdSftpIssue.java:98)
                at sl4000.SshSftpMain.main(SshSftpMain.java:53)

From: Michael Williams
Sent: Monday, April 5, 2021 11:00 AM
To: users@mina.apache.org
Subject: Need my client to send rsa-ssh keys not rsa-sha2-512 to support older 
OpenSSH versions

Hello,

Recently I have been removing JSCH from a Java client and replacing it with 
org.apache.sshd 2.6.0.  Unfortunately, my Java client runs on Linux 6.8 and the 
server is Linux 6.10.  So far, I can authenticate with password but not with a 
key pair that comes from my server.
When the certificates fail to authenticate I get the following message on the 
server: "userauth_pubkey: unsupported public key algorithm: rsa-sha2-512".  
From web searches I have discovered that rsa-sha2-512 is not supported until 
greater than OpenSSH_5.7.  The servers that I need to support are running 
OpenSSH_5.3p1.

Can anyone guide me on how to modify the org.apache.sshd 2.6.0 client to use 
the rsa-ssh key algorithm rather than the rsa-sha2-512 key algorithm?

Here is my code:

    public void open() throws Exception {

        this.setSshClient(SshClient.setUpDefaultClient());
        PropertyResolverUtils.updateProperty(this.getSshClient(),
                "KnownHostsServerKeyVerifier.STRICT_CHECKING_OPTION", false);
        this.getSshClient().start();

        // setup the ClientsSession
        this.setClientSession(this.getSshClient()
                .connect(this.getUserName(), getHost(), getPort())
                .verify(getDefaultTimeout(), TimeUnit.MILLISECONDS)
                .getSession());

        String[] aKeyStringArray = {"RSA", "ssh-rsa"};
        Vector<String> aKeyTypeList =
                new Vector<String>(Arrays.asList(aKeyStringArray));

        Map<String, KeyPair> aKeyPairMap = ClientIdentity.loadIdentities(
                getClientSession(),
                Paths.get("/u01/home/acs_oracle/.aspclient/lib"),
                false, aKeyTypeList, this, null, LinkOption.NOFOLLOW_LINKS);

        for (KeyPair aKeyPair : aKeyPairMap.values()) {
            this.getClientSession().addPublicKeyIdentity(aKeyPair);
        }

        this.getClientSession().auth().verify(this.getDefaultTimeout(),
                TimeUnit.MILLISECONDS);

        // setup the SftpClient
        SftpClientFactory sfactory = SftpClientFactory.instance();
        this.setSftpClient(sfactory.createSftpClient(this.getClientSession()));

    }

    @Override
    public Object apply(Object t) {
        this.getLogger().info("MPW-SshdSftpIssue.apply");
        if (t != null) {
            this.getLogger().info("MPW-SshdSftpIssue.apply t:" + t.toString());
        }

        if ("RSA".equals(t)) return "sdp2_key";
        if ("ssh-rsa".equals(t)) return "sdp2_key.pub";
        return null;
    }
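
Added example, not part of the original messages or of Apache MINA SSHD: a small Python triage script for the wrapped client debug log at the top of this page. It re-joins the mail-wrapped records and reports which key file was parsed, which signature type and fingerprint were offered, and how the server answered; the names `records` and `summarize` are hypothetical, and the sample is four records copied from that log.

```python
import re

# Sample input: four records copied from the client log on this page, mail wrapping kept.
SAMPLE_LOG = """\
14:10:14.650 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl -
readIdentification(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Server
version string: SSH-2.0-OpenSSH_7.4
14:10:14.861 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG
o.a.s.c.c.k.l.o.OpenSSHKeyPairResourceParser -
extractKeyPairs(/u01/home/acs_oracle/.ssh/id_rsa) decode 1 keys using
context=OpenSSHParserContext[cipher=none, kdfOptions=none: options=]
14:10:14.864 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG
o.a.s.c.a.pubkey.UserAuthPublicKey -
sendAuthDataRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
 send SSH_MSG_USERAUTH_REQUEST request publickey type=rsa-sha2-512 -
fingerprint=SHA256:M2rYBEGdWs38yXmFDoFhGvaomhOCqiQv3Ktf+7Kjw+4
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.s.ClientUserAuthService -
processUserAuth(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Received
SSH_MSG_USERAUTH_FAILURE - partial=false,
methods=publickey,gssapi-keyex,gssapi-with-mic,password
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} \[")

def records(text):
    """Re-join mail-wrapped lines: a new record starts at each timestamp."""
    out = []
    for line in text.splitlines():
        if TS.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def summarize(text):
    """Collect what the client offered for publickey auth and how the server answered."""
    s = {"server": None, "keys_parsed": [], "offers": [], "failures": []}
    for rec in records(text):
        if m := re.search(r"Server version string: (\S+)", rec):
            s["server"] = m.group(1)
        elif m := re.search(r"extractKeyPairs\(([^)]+)\) decode (\d+) keys", rec):
            s["keys_parsed"].append((m.group(1), int(m.group(2))))
        elif m := re.search(r"request publickey type=(\S+) - fingerprint=(\S+)", rec):
            s["offers"].append((m.group(1), m.group(2)))
        elif m := re.search(r"SSH_MSG_USERAUTH_FAILURE - partial=(\w+), methods=(\S+)", rec):
            s["failures"].append((m.group(1) == "true", m.group(2).split(",")))
    return s

if __name__ == "__main__":
    for field, value in summarize(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

The fingerprint in `offers` can be compared with the output of `ssh-keygen -lf` on the key file that was meant to be used.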
