All,
Please help! I am very stuck and very green at working with authenticating
using key files. (These key files work with JSCH but I have not been able to
get them to work with mina)
Current status: I have upgraded my server to Oracle Linux 7 and my server side
error has gone away. However the client authentication using the keys
continues to fail. Here are the log messages from the client code I provided
in my prior email. Please note: I do not understand why my key pair fails to
authenticate. Maybe someone could read these log messages and tell me my
error. ...thanks!
14:10:14.382 [main] INFO sl4000.SshdSftpIssue - MPW-SshdSftpIssue constructor:
Just created the logback logger.
14:10:14.524 [main] DEBUG o.a.s.c.util.security.SecurityUtils - register(BC)
not registered - enabled=true, supported=false
14:10:14.548 [main] INFO o.a.s.c.u.s.e.EdDSASecurityProviderRegistrar -
getOrCreateProvider(EdDSA) created instance of
net.i2p.crypto.eddsa.EdDSASecurityProvider
14:10:14.602 [main] INFO o.a.s.c.i.DefaultIoServiceFactoryFactory - No
detected/configured IoServiceFactoryFactory using Nio2ServiceFactoryFactory
14:10:14.612 [main] DEBUG o.a.s.c.c.h.DefaultConfigFileHostEntryResolver -
resolveEffectiveHost(sdp2admin@10.80.26.185:22/null) => null
14:10:14.612 [main] DEBUG org.apache.sshd.client.SshClient -
connect(sdp2admin@10.80.26.185:22) no overrides
14:10:14.616 [main] DEBUG o.a.s.common.io.nio2.Nio2Connector - Connecting to
/10.80.26.185:22
14:10:14.618 [main] DEBUG o.a.s.common.io.nio2.Nio2Connector -
setOption(SO_REUSEADDR)[true] from property=Property[socket-reuseaddr](Boolean]
14:10:14.623 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.sshd.common.io.nio2.Nio2Session - Creating IoSession on /10.80.102.25:44011
from /10.80.26.185:22 via null
14:10:14.634 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl - Client session created:
Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]
14:10:14.635 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.s.ClientUserAuthService -
ClientUserAuthService(ClientSessionImpl[null@/10.80.26.185:22]) client methods:
[publickey, keyboard-interactive, password]
14:10:14.638 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.s.h.SessionTimeoutListener -
sessionCreated(ClientSessionImpl[null@/10.80.26.185:22]) tracking
14:10:14.639 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl -
initializeProxyConnector(ClientSessionImpl[null@/10.80.26.185:22]) no proxy to
initialize
14:10:14.640 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl -
sendIdentification(ClientSessionImpl[null@/10.80.26.185:22]):
SSH-2.0-APACHE-SSHD-2.6.0-SL4000
14:10:14.640 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.sshd.common.io.nio2.Nio2Session -
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22])
writing 34 bytes
14:10:14.643 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl -
sendKexInit(ClientSessionImpl[null@/10.80.26.185:22]) Send SSH_MSG_KEXINIT
14:10:14.648 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl -
encode(ClientSessionImpl[null@/10.80.26.185:22]) packet #0 sending
command=20[SSH_MSG_KEXINIT] len=1227
14:10:14.649 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.sshd.common.io.nio2.Nio2Session -
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22])
writing 1240 bytes
14:10:14.649 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
org.apache.sshd.client.SshClient -
setupDefaultSessionIdentities(ClientSessionImpl[sdp2admin@/10.80.26.185:22])
key identity provider override in session listener
14:10:14.650 [main] DEBUG o.a.s.c.future.DefaultConnectFuture - Connected to
/10.80.26.185:22 after 30795301 nanos
14:10:14.650 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl -
doReadIdentification(ClientSessionImpl[sdp2admin@/10.80.26.185:22])
line='SSH-2.0-OpenSSH_7.4'
14:10:14.650 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl -
readIdentification(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Server
version string: SSH-2.0-OpenSSH_7.4
14:10:14.650 [main] DEBUG o.a.s.c.s.ClientUserAuthService -
auth(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection] send
SSH_MSG_USERAUTH_REQUEST for 'none'
14:10:14.651 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl -
handleKexInit(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) SSH_MSG_KEXINIT
14:10:14.651 [main] DEBUG o.a.s.c.session.ClientSessionImpl -
enqueuePendingPacket(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[SSH_MSG_USERAUTH_REQUEST]
Start flagging packets as pending until key exchange is done
14:10:14.655 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl -
setNegotiationResult(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Kex:
server->client aes128-ctr hmac-sha2-256-...@openssh.com none
14:10:14.655 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl -
setNegotiationResult(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Kex:
client->server aes128-ctr hmac-sha2-256-...@openssh.com none
14:10:14.715 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
org.apache.sshd.client.kex.DHGClient -
init(DHGClient[ecdh-sha2-nistp521])[ClientSessionImpl[sdp2admin@/10.80.26.185:22]]
Send SSH_MSG_KEXDH_INIT
14:10:14.716 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.s.c.session.ClientSessionImpl -
encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #1 sending
command=30[30] len=138
14:10:14.716 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG
o.a.sshd.common.io.nio2.Nio2Session -
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22])
writing 152 bytes
14:10:14.726 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
org.apache.sshd.client.kex.DHGClient -
next(DHGClient[ecdh-sha2-nistp521])[ClientSessionImpl[sdp2admin@/10.80.26.185:22]]
process command=SSH_MSG_KEXDH_REPLY
14:10:14.747 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
setServerKey(ClientSessionImpl[sdp2admin@/10.80.26.185:22])
keyType=ecdsa-sha2-nistp256,
digest=SHA256:vQyHhBQynXUOL1fUt8yWZ34ZH0zUGD7HHsrLcAavTQc
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
handleKexMessage(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ecdh-sha2-nistp521]
KEX processing complete after cmd=31
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] WARN
o.a.s.c.k.AcceptAllServerKeyVerifier - Server at /10.80.26.185:22 presented
unverified EC key: SHA256:vQyHhBQynXUOL1fUt8yWZ34ZH0zUGD7HHsrLcAavTQc
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
checkKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22])
key=ecdsa-sha2-nistp256-SHA256:vQyHhBQynXUOL1fUt8yWZ34ZH0zUGD7HHsrLcAavTQc,
verified=true
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
sendNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Send SSH_MSG_NEWKEYS
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #2 sending
command=21[SSH_MSG_NEWKEYS] len=1
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.sshd.common.io.nio2.Nio2Session -
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22])
writing 16 bytes
14:10:14.749 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
handleNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) SSH_MSG_NEWKEYS
command=SSH_MSG_NEWKEYS
14:10:14.749 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
receiveNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) session
ID=ef:17:de:b6:ee:bd:50:c4:25:ba:6d:22:8c:4e:07:98:6d:d4:7b:ca:44:59:db:19:a5:d5:95:5a:fe:a5:f1:61:dc:80:c8:87:cc:63:83:40:a6:88:f1:f7:9c:1f:f5:6a:6c:54:f6:af:00:c5:d1:3b:4c:0d:b2:fd:1a:64:a8:56
14:10:14.784 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
receiveNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22])
inCipher=BaseCipher[AES, ivSize=16, kdfSize=16,AES/CTR/NoPadding, blkSize=16],
outCipher=BaseCipher[AES, ivSize=16, kdfSize=16,AES/CTR/NoPadding, blkSize=16],
recommended blocks limit=4294967296, actual=4294967296
14:10:14.785 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
sendInitialServiceRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Send
SSH_MSG_SERVICE_REQUEST for ssh-userauth
14:10:14.785 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #3 sending
command=5[SSH_MSG_SERVICE_REQUEST] len=17
14:10:14.785 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.sshd.common.io.nio2.Nio2Session -
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22])
writing 84 bytes
14:10:14.786 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #4 sending
command=50[SSH_MSG_USERAUTH_REQUEST] len=40
14:10:14.786 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.sshd.common.io.nio2.Nio2Session -
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22])
writing 100 bytes
14:10:14.786 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG
o.a.s.c.session.ClientSessionImpl -
handleNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) sent 1 pending
packets
14:10:14.790 [sshd-SshClient[52525845]-nio2-thread-3] DEBUG
o.a.s.c.session.ClientSessionImpl -
handleServiceAccept(ClientSessionImpl[sdp2admin@/10.80.26.185:22])
SSH_MSG_SERVICE_ACCEPT service=ssh-userauth
14:10:14.844 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG
o.a.s.c.s.ClientUserAuthService -
processUserAuth(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Received
SSH_MSG_USERAUTH_FAILURE - partial=false,
methods=publickey,gssapi-keyex,gssapi-with-mic,password
14:10:14.845 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG
o.a.s.c.s.ClientUserAuthService -
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) starting authentication
mechanisms: client=[publickey, keyboard-interactive, password],
server=[publickey, gssapi-keyex, gssapi-with-mic, password]
14:10:14.846 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG
o.a.s.c.s.ClientUserAuthService -
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) attempting
method=publickey
14:10:14.861 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG
o.a.s.c.c.k.l.o.OpenSSHKeyPairResourceParser -
extractKeyPairs(/u01/home/acs_oracle/.ssh/id_rsa) decode 1 keys using
context=OpenSSHParserContext[cipher=none, kdfOptions=none: options=]
14:10:14.864 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG
o.a.s.c.a.pubkey.UserAuthPublicKey -
sendAuthDataRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
send SSH_MSG_USERAUTH_REQUEST request publickey type=rsa-sha2-512 -
fingerprint=SHA256:M2rYBEGdWs38yXmFDoFhGvaomhOCqiQv3Ktf+7Kjw+4
14:10:14.864 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG
o.a.s.c.session.ClientSessionImpl -
encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #5 sending
command=50[SSH_MSG_USERAUTH_REQUEST] len=601
14:10:14.865 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG
o.a.sshd.common.io.nio2.Nio2Session -
writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22])
writing 660 bytes
14:10:14.865 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG
o.a.s.c.s.ClientUserAuthService -
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) successfully processed
initial buffer by method=publickey
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.s.ClientUserAuthService -
processUserAuth(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Received
SSH_MSG_USERAUTH_FAILURE - partial=false,
methods=publickey,gssapi-keyex,gssapi-with-mic,password
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.c.k.DefaultClientIdentitiesWatcher -
loadKeys(/u01/home/acs_oracle/.ssh/id_dsa) no key loaded
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.c.k.DefaultClientIdentitiesWatcher -
loadKeys(/u01/home/acs_oracle/.ssh/id_ecdsa) no key loaded
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.c.k.DefaultClientIdentitiesWatcher -
loadKeys(/u01/home/acs_oracle/.ssh/id_ed25519) no key loaded
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.a.pubkey.UserAuthPublicKey -
sendAuthDataRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
no more keys to send
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.s.ClientUserAuthService -
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) no initial request sent
by method=publickey
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.a.pubkey.UserAuthPublicKey -
destroy(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
14:10:14.869 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.s.ClientUserAuthService -
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) attempting
method=password
14:10:14.870 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.a.password.UserAuthPassword -
sendAuthDataRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
no more passwords to send
14:10:14.871 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.s.ClientUserAuthService -
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) no initial request sent
by method=password
14:10:14.871 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.a.password.UserAuthPassword -
destroy(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
14:10:14.872 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG
o.a.s.c.s.ClientUserAuthService -
tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) exhausted all methods -
client=[publickey, keyboard-interactive, password], server=[publickey,
gssapi-keyex, gssapi-with-mic, password]
org.apache.sshd.common.SshException: No more authentication methods available
at
org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:126)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:39)
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:32)
at
org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:56)
at sl4000.SshdSftpIssue.open(SshdSftpIssue.java:98)
at sl4000.SshSftpMain.main(SshSftpMain.java:53)
From: Michael Williams
Sent: Monday, April 5, 2021 11:00 AM
To: users@mina.apache.org
Subject: Need my client to send rsa-ssh keys not rsa-sha2-512 to support older
OpenSSh versions
Hello,
Recently I have been removing JSCH from a java client and replacing it with
org.apache.sshd 2.6.0. Unfortunately, my java client runs on linux 6.8 and the
server is linux 6.10. So far, I can authenticate with password but not with a
key pair that comes from my server.
When the certificates fail to authenticate I get the following message on the
server: "userauth_pubkey: unsupported public key algorithm: rsa-sha2-512".
From web searches I have discovered that rsa-sha2-512 is not supported until
greater than OpenSSH_5.7. The servers that I need to support are running
OpenSSH_5.3p1.
Can anyone guide me on how to modify the org.apache.sshd 2.6.0 client to use
the rsa-ssh key algorithm rather than the rsa-sha2-512 key algorithm?
Here is my code:
public void open() throws Exception {
this.setSshClient(SshClient.setUpDefaultClient());
PropertyResolverUtils.updateProperty(this.getSshClient(),
"KnownHostsServerKeyVerifier.STRICT_CHECKING_OPTION", false);
this.getSshClient().start();
// setup the ClientsSession
this.setClientSession(this.getSshClient().connect(this.getUserName(),
getHost(), getPort()).verify(getDefaultTimeout(),
TimeUnit.MILLISECONDS).getSession());
String[] aKeyStringArray = {"RSA", "ssh-rsa"};
Vector<String> aKeyTypeList = new
Vector<String>(Arrays.asList(aKeyStringArray));
Map<String, KeyPair> aKeyPairMap =
ClientIdentity.loadIdentities(getClientSession(),
Paths.get("/u01/home/acs_oracle/.aspclient/lib"), false, aKeyTypeList, this,
null, LinkOption.NOFOLLOW_LINKS);
for(KeyPair aKeyPair : aKeyPairMap.values()) {
this.getClientSession().addPublicKeyIdentity(aKeyPair);
}
this.getClientSession().auth().verify(this.getDefaultTimeout(),
TimeUnit.MILLISECONDS);
// setup the SftpClient
SftpClientFactory sfactory = SftpClientFactory.instance();
this.setSftpClient(sfactory.createSftpClient(this.getClientSession()));
}
@Override
public Object apply(Object t) {
this.getLogger().info("MPW-SshdSftpIssue.apply");
if (t != null) this.getLogger().info("MPW-SshdSftpIssue.apply t:" +
t.toString());
if ("RSA".equals(t)) return "sdp2_key";
if ("ssh-rsa".equals(t)) return "sdp2_key.pub";
return null;
}
