All,

Please help! I am very stuck and very green at working with authenticating using key files. (These key files work with JSCH but I have not been able to get them to work with mina)

Current status: I have upgraded my server to Oracle Linux 7 and my server side error has gone away. However the client authentication using the keys continues to fail. Here are the log messages from the client code I provided in my prior email. Please note: I do not understand why my key pair fails to authenticate. Maybe someone could read these log messages and tell me my error. ...thanks!

14:10:14.382 [main] INFO sl4000.SshdSftpIssue - MPW-SshdSftpIssue constructor: Just created the logback logger.
14:10:14.524 [main] DEBUG o.a.s.c.util.security.SecurityUtils - register(BC) not registered - enabled=true, supported=false
14:10:14.548 [main] INFO o.a.s.c.u.s.e.EdDSASecurityProviderRegistrar - getOrCreateProvider(EdDSA) created instance of net.i2p.crypto.eddsa.EdDSASecurityProvider
14:10:14.602 [main] INFO o.a.s.c.i.DefaultIoServiceFactoryFactory - No detected/configured IoServiceFactoryFactory using Nio2ServiceFactoryFactory
14:10:14.612 [main] DEBUG o.a.s.c.c.h.DefaultConfigFileHostEntryResolver - resolveEffectiveHost(sdp2admin@10.80.26.185:22/null) => null
14:10:14.612 [main] DEBUG org.apache.sshd.client.SshClient - connect(sdp2admin@10.80.26.185:22) no overrides
14:10:14.616 [main] DEBUG o.a.s.common.io.nio2.Nio2Connector - Connecting to /10.80.26.185:22
14:10:14.618 [main] DEBUG o.a.s.common.io.nio2.Nio2Connector - setOption(SO_REUSEADDR)[true] from property=Property[socket-reuseaddr](Boolean]
14:10:14.623 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.sshd.common.io.nio2.Nio2Session - Creating IoSession on /10.80.102.25:44011 from /10.80.26.185:22 via null
14:10:14.634 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.session.ClientSessionImpl - Client session created: Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]
14:10:14.635 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.s.ClientUserAuthService - ClientUserAuthService(ClientSessionImpl[null@/10.80.26.185:22]) client methods: [publickey, keyboard-interactive, password]
14:10:14.638 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.s.h.SessionTimeoutListener - sessionCreated(ClientSessionImpl[null@/10.80.26.185:22]) tracking
14:10:14.639 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.session.ClientSessionImpl - initializeProxyConnector(ClientSessionImpl[null@/10.80.26.185:22]) no proxy to initialize
14:10:14.640 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.session.ClientSessionImpl - sendIdentification(ClientSessionImpl[null@/10.80.26.185:22]): SSH-2.0-APACHE-SSHD-2.6.0-SL4000
14:10:14.640 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.sshd.common.io.nio2.Nio2Session - writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) writing 34 bytes
14:10:14.643 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.session.ClientSessionImpl - sendKexInit(ClientSessionImpl[null@/10.80.26.185:22]) Send SSH_MSG_KEXINIT
14:10:14.648 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.session.ClientSessionImpl - encode(ClientSessionImpl[null@/10.80.26.185:22]) packet #0 sending command=20[SSH_MSG_KEXINIT] len=1227
14:10:14.649 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.sshd.common.io.nio2.Nio2Session - writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) writing 1240 bytes
14:10:14.649 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG org.apache.sshd.client.SshClient - setupDefaultSessionIdentities(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) key identity provider override in session listener
14:10:14.650 [main] DEBUG o.a.s.c.future.DefaultConnectFuture - Connected to /10.80.26.185:22 after 30795301 nanos
14:10:14.650 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.session.ClientSessionImpl - doReadIdentification(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) line='SSH-2.0-OpenSSH_7.4'
14:10:14.650 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.session.ClientSessionImpl - readIdentification(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Server version string: SSH-2.0-OpenSSH_7.4
14:10:14.650 [main] DEBUG o.a.s.c.s.ClientUserAuthService - auth(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection] send SSH_MSG_USERAUTH_REQUEST for 'none'
14:10:14.651 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.session.ClientSessionImpl - handleKexInit(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) SSH_MSG_KEXINIT
14:10:14.651 [main] DEBUG o.a.s.c.session.ClientSessionImpl - enqueuePendingPacket(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[SSH_MSG_USERAUTH_REQUEST] Start flagging packets as pending until key exchange is done
14:10:14.655 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.session.ClientSessionImpl - setNegotiationResult(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Kex: server->client aes128-ctr hmac-sha2-256-...@openssh.com none
14:10:14.655 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.session.ClientSessionImpl - setNegotiationResult(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Kex: client->server aes128-ctr hmac-sha2-256-...@openssh.com none
14:10:14.715 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG org.apache.sshd.client.kex.DHGClient - init(DHGClient[ecdh-sha2-nistp521])[ClientSessionImpl[sdp2admin@/10.80.26.185:22]] Send SSH_MSG_KEXDH_INIT
14:10:14.716 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.s.c.session.ClientSessionImpl - encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #1 sending command=30[30] len=138
14:10:14.716 [sshd-SshClient[52525845]-nio2-thread-1] DEBUG o.a.sshd.common.io.nio2.Nio2Session - writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) writing 152 bytes
14:10:14.726 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG org.apache.sshd.client.kex.DHGClient - next(DHGClient[ecdh-sha2-nistp521])[ClientSessionImpl[sdp2admin@/10.80.26.185:22]] process command=SSH_MSG_KEXDH_REPLY
14:10:14.747 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - setServerKey(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) keyType=ecdsa-sha2-nistp256, digest=SHA256:vQyHhBQynXUOL1fUt8yWZ34ZH0zUGD7HHsrLcAavTQc
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - handleKexMessage(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ecdh-sha2-nistp521] KEX processing complete after cmd=31
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] WARN o.a.s.c.k.AcceptAllServerKeyVerifier - Server at /10.80.26.185:22 presented unverified EC key: SHA256:vQyHhBQynXUOL1fUt8yWZ34ZH0zUGD7HHsrLcAavTQc
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - checkKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) key=ecdsa-sha2-nistp256-SHA256:vQyHhBQynXUOL1fUt8yWZ34ZH0zUGD7HHsrLcAavTQc, verified=true
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - sendNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Send SSH_MSG_NEWKEYS
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #2 sending command=21[SSH_MSG_NEWKEYS] len=1
14:10:14.748 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.sshd.common.io.nio2.Nio2Session - writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) writing 16 bytes
14:10:14.749 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - handleNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) SSH_MSG_NEWKEYS command=SSH_MSG_NEWKEYS
14:10:14.749 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - receiveNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) session ID=ef:17:de:b6:ee:bd:50:c4:25:ba:6d:22:8c:4e:07:98:6d:d4:7b:ca:44:59:db:19:a5:d5:95:5a:fe:a5:f1:61:dc:80:c8:87:cc:63:83:40:a6:88:f1:f7:9c:1f:f5:6a:6c:54:f6:af:00:c5:d1:3b:4c:0d:b2:fd:1a:64:a8:56
14:10:14.784 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - receiveNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) inCipher=BaseCipher[AES, ivSize=16, kdfSize=16,AES/CTR/NoPadding, blkSize=16], outCipher=BaseCipher[AES, ivSize=16, kdfSize=16,AES/CTR/NoPadding, blkSize=16], recommended blocks limit=4294967296, actual=4294967296
14:10:14.785 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - sendInitialServiceRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Send SSH_MSG_SERVICE_REQUEST for ssh-userauth
14:10:14.785 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #3 sending command=5[SSH_MSG_SERVICE_REQUEST] len=17
14:10:14.785 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.sshd.common.io.nio2.Nio2Session - writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) writing 84 bytes
14:10:14.786 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #4 sending command=50[SSH_MSG_USERAUTH_REQUEST] len=40
14:10:14.786 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.sshd.common.io.nio2.Nio2Session - writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) writing 100 bytes
14:10:14.786 [sshd-SshClient[52525845]-nio2-thread-2] DEBUG o.a.s.c.session.ClientSessionImpl - handleNewKeys(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) sent 1 pending packets
14:10:14.790 [sshd-SshClient[52525845]-nio2-thread-3] DEBUG o.a.s.c.session.ClientSessionImpl - handleServiceAccept(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) SSH_MSG_SERVICE_ACCEPT service=ssh-userauth
14:10:14.844 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG o.a.s.c.s.ClientUserAuthService - processUserAuth(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Received SSH_MSG_USERAUTH_FAILURE - partial=false, methods=publickey,gssapi-keyex,gssapi-with-mic,password
14:10:14.845 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG o.a.s.c.s.ClientUserAuthService - tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) starting authentication mechanisms: client=[publickey, keyboard-interactive, password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
14:10:14.846 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG o.a.s.c.s.ClientUserAuthService - tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) attempting method=publickey
14:10:14.861 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG o.a.s.c.c.k.l.o.OpenSSHKeyPairResourceParser - extractKeyPairs(/u01/home/acs_oracle/.ssh/id_rsa) decode 1 keys using context=OpenSSHParserContext[cipher=none, kdfOptions=none: options=]
14:10:14.864 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG o.a.s.c.a.pubkey.UserAuthPublicKey - sendAuthDataRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection] send SSH_MSG_USERAUTH_REQUEST request publickey type=rsa-sha2-512 - fingerprint=SHA256:M2rYBEGdWs38yXmFDoFhGvaomhOCqiQv3Ktf+7Kjw+4
14:10:14.864 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG o.a.s.c.session.ClientSessionImpl - encode(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) packet #5 sending command=50[SSH_MSG_USERAUTH_REQUEST] len=601
14:10:14.865 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG o.a.sshd.common.io.nio2.Nio2Session - writeBuffer(Nio2Session[local=/10.80.102.25:44011, remote=/10.80.26.185:22]) writing 660 bytes
14:10:14.865 [sshd-SshClient[52525845]-nio2-thread-4] DEBUG o.a.s.c.s.ClientUserAuthService - tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) successfully processed initial buffer by method=publickey
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.s.ClientUserAuthService - processUserAuth(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) Received SSH_MSG_USERAUTH_FAILURE - partial=false, methods=publickey,gssapi-keyex,gssapi-with-mic,password
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.c.k.DefaultClientIdentitiesWatcher - loadKeys(/u01/home/acs_oracle/.ssh/id_dsa) no key loaded
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.c.k.DefaultClientIdentitiesWatcher - loadKeys(/u01/home/acs_oracle/.ssh/id_ecdsa) no key loaded
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.c.k.DefaultClientIdentitiesWatcher - loadKeys(/u01/home/acs_oracle/.ssh/id_ed25519) no key loaded
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.a.pubkey.UserAuthPublicKey - sendAuthDataRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection] no more keys to send
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.s.ClientUserAuthService - tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) no initial request sent by method=publickey
14:10:14.868 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.a.pubkey.UserAuthPublicKey - destroy(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
14:10:14.869 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.s.ClientUserAuthService - tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) attempting method=password
14:10:14.870 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.a.password.UserAuthPassword - sendAuthDataRequest(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection] no more passwords to send
14:10:14.871 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.s.ClientUserAuthService - tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) no initial request sent by method=password
14:10:14.871 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.a.password.UserAuthPassword - destroy(ClientSessionImpl[sdp2admin@/10.80.26.185:22])[ssh-connection]
14:10:14.872 [sshd-SshClient[52525845]-nio2-thread-5] DEBUG o.a.s.c.s.ClientUserAuthService - tryNext(ClientSessionImpl[sdp2admin@/10.80.26.185:22]) exhausted all methods - client=[publickey, keyboard-interactive, password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
org.apache.sshd.common.SshException: No more authentication methods available
    at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:126)
    at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:39)
    at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:32)
    at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:56)
    at sl4000.SshdSftpIssue.open(SshdSftpIssue.java:98)
    at sl4000.SshSftpMain.main(SshSftpMain.java:53)

From: Michael Williams
Sent: Monday, April 5, 2021 11:00 AM
To: users@mina.apache.org
Subject: Need my client to send rsa-ssh keys not rsa-sha2-512 to support older OpenSSh versions

Hello,

Recently I have been removing JSCH from a java client and replacing it with org.apache.sshd 2.6.0. Unfortunately, my java client runs on linux 6.8 and the server is linux 6.10. So far, I can authenticate with password but not with a key pair that comes from my server. When the certificates fail to authenticate I get the following message on the server: "userauth_pubkey: unsupported public key algorithm: rsa-sha2-512".

From web searches I have discovered that rsa-sha2-512 is not supported until greater than OpenSSH_5.7. The servers that I need to support are running OpenSSH_5.3p1.

Can anyone guide me on how to modify the org.apache.sshd 2.6.0 client to use the rsa-ssh key algorithm rather than the rsa-sha2-512 key algorithm?
Here is my code:

    public void open() throws Exception {
        this.setSshClient(SshClient.setUpDefaultClient());
        PropertyResolverUtils.updateProperty(this.getSshClient(), "KnownHostsServerKeyVerifier.STRICT_CHECKING_OPTION", false);
        this.getSshClient().start();

        // setup the ClientsSession
        this.setClientSession(this.getSshClient().connect(this.getUserName(), getHost(), getPort())
                .verify(getDefaultTimeout(), TimeUnit.MILLISECONDS).getSession());

        String[] aKeyStringArray = {"RSA", "ssh-rsa"};
        Vector<String> aKeyTypeList = new Vector<String>(Arrays.asList(aKeyStringArray));
        Map<String, KeyPair> aKeyPairMap = ClientIdentity.loadIdentities(getClientSession(),
                Paths.get("/u01/home/acs_oracle/.aspclient/lib"), false, aKeyTypeList, this, null,
                LinkOption.NOFOLLOW_LINKS);
        for (KeyPair aKeyPair : aKeyPairMap.values()) {
            this.getClientSession().addPublicKeyIdentity(aKeyPair);
        }
        this.getClientSession().auth().verify(this.getDefaultTimeout(), TimeUnit.MILLISECONDS);

        // setup the SftpClient
        SftpClientFactory sfactory = SftpClientFactory.instance();
        this.setSftpClient(sfactory.createSftpClient(this.getClientSession()));
    }

    @Override
    public Object apply(Object t) {
        this.getLogger().info("MPW-SshdSftpIssue.apply");
        if (t != null)
            this.getLogger().info("MPW-SshdSftpIssue.apply t:" + t.toString());
        if ("RSA".equals(t))
            return "sdp2_key";
        if ("ssh-rsa".equals(t))
            return "sdp2_key.pub";
        return null;
    }
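
Added example, not part of the original message and not Apache MINA SSHD code: a small Python triage script that replays the authentication events in a client DEBUG log like the one above and reports which key files were read, which key algorithm and fingerprint were offered, and whether the server rejected the offer. The function name `summarize_auth`, the `expected_fp` parameter and the placeholder fingerprint are assumptions made for illustration; the sample entries are abridged from the log in the message.

```python
import re

# One alternation per event of interest in an Apache MINA SSHD client DEBUG log.
EVENT = re.compile(
    r"extractKeyPairs\((?P<read>[^)]+)\) decode \d+ keys"
    r"|loadKeys\((?P<missing>[^)]+)\) no key loaded"
    r"|request publickey type=(?P<alg>\S+) - fingerprint=(?P<fp>\S+)"
    r"|Received SSH_MSG_USERAUTH_FAILURE - partial=\w+, methods=(?P<methods>\S+)"
)

def summarize_auth(log_text, expected_fp=None):
    """Replay the auth events in order; finditer also copes with run-together logs."""
    out = {"read": [], "missing": [], "offers": [], "server_methods": []}
    pending = None  # the offer still waiting for the server's answer
    for m in EVENT.finditer(log_text):
        if m["read"]:
            out["read"].append(m["read"])
        elif m["missing"]:
            out["missing"].append(m["missing"])
        elif m["alg"]:
            pending = {"alg": m["alg"], "fingerprint": m["fp"], "rejected": False}
            out["offers"].append(pending)
        else:  # USERAUTH_FAILURE: remember the server's list, close the pending offer
            out["server_methods"] = m["methods"].split(",")
            if pending:
                pending["rejected"] = True
                pending = None
    # Was the key the operator meant to use ever put on the wire?
    out["expected_offered"] = (
        any(o["fingerprint"] == expected_fp for o in out["offers"]) if expected_fp else None
    )
    return out

# Abridged from the log in the message above (timestamps and thread names dropped).
SAMPLE_LOG = """\
processUserAuth(...) Received SSH_MSG_USERAUTH_FAILURE - partial=false, methods=publickey,gssapi-keyex,gssapi-with-mic,password
extractKeyPairs(/u01/home/acs_oracle/.ssh/id_rsa) decode 1 keys using context=OpenSSHParserContext[cipher=none, kdfOptions=none: options=]
sendAuthDataRequest(...)[ssh-connection] send SSH_MSG_USERAUTH_REQUEST request publickey type=rsa-sha2-512 - fingerprint=SHA256:M2rYBEGdWs38yXmFDoFhGvaomhOCqiQv3Ktf+7Kjw+4
processUserAuth(...) Received SSH_MSG_USERAUTH_FAILURE - partial=false, methods=publickey,gssapi-keyex,gssapi-with-mic,password
loadKeys(/u01/home/acs_oracle/.ssh/id_dsa) no key loaded
loadKeys(/u01/home/acs_oracle/.ssh/id_ecdsa) no key loaded
loadKeys(/u01/home/acs_oracle/.ssh/id_ed25519) no key loaded
"""

if __name__ == "__main__":
    # Placeholder fingerprint: substitute the SHA256 fingerprint of the intended key.
    print(summarize_auth(SAMPLE_LOG, expected_fp="SHA256:PLACEHOLDER"))
```

The first `SSH_MSG_USERAUTH_FAILURE` answers the `none` probe, so only a failure that follows a `publickey` request is counted as a rejected offer.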