Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2018/10/17 18:45:00 UTC

[jira] [Commented] (SSHD-852) Verification fails for hashed known host entry on non standard port generated by OpenSSH client

    [ https://issues.apache.org/jira/browse/SSHD-852?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16654040#comment-16654040 ] 

Goldstein Lyor commented on SSHD-852:
-------------------------------------

Thanks for the contribution - created https://github.com/apache/mina-sshd/pull/71. I will review it and merge it in if no problems come up. Can you provide some link to the documentation that explains how known host hashes should be calculated for standard and non-standard ports? I would be especially interested also in how to hash IPv6 addresses (though not an issue at the moment).

> Verification fails for hashed known host entry on non standard port generated by OpenSSH client
> -----------------------------------------------------------------------------------------------
>
>                 Key: SSHD-852
>                 URL: https://issues.apache.org/jira/browse/SSHD-852
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.1.1
>         Environment: Linux Mint 19
>            Reporter: Stefan Verhoeven
>            Priority: Minor
>         Attachments: ConnectToNonDefaultPortTest.java
>
>
> The Apache SshClient is unable to verify a known host entry that was made by the OpenSSH client when the entry is on a port other than 22.
>  
> I get the following exception
> {code:java}
> org.apache.sshd.common.SshException: Server key did not validate
>  at org.apache.sshd.client.session.AbstractClientSession.checkKeys(AbstractClientSession.java:440)
> ...{code}
>  
> The OpenSSH client will create a hash for `[host]:port` while Apache SshClient will check hashed entries for `host` (see https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130). This difference will cause the correct known host entry to be marked as not a match which in turn causes the exception.
>  
> The error can be reproduced by setting up an SSH server
> {code:java}
> rm ~/.ssh/known_hosts
> docker run -d -p 2222:22 nlesc/xenon-ssh 
> # Prime known hosts with hash entry, password=javagat
> ssh xenon@localhost -p 10022 hostname
> {code}
> and then running the attached test.
>  
> I created a fix and tests at https://github.com/apache/mina-sshd/compare/master...NLeSC:hashed-known-host-port
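
The hashed-entry format at issue, as an added example that is not part of the original thread or of MINA SSHD's code: OpenSSH writes the host field as `|1|base64(salt)|base64(HMAC-SHA1(key=salt, data=name))`, where `name` is the bare host on port 22 and `[host]:port` on any other port. The function names, the salt and the port 2222 below are constructed for illustration.

```python
import base64
import hashlib
import hmac

DEFAULT_SSH_PORT = 22


def host_pattern(host: str, port: int = DEFAULT_SSH_PORT) -> str:
    """Name that gets hashed: bare host on port 22, "[host]:port" otherwise."""
    return host if port in (0, DEFAULT_SSH_PORT) else f"[{host}]:{port}"


def hash_host(name: str, salt: bytes) -> str:
    """Build the "|1|salt|hash" host field (HMAC-SHA1 keyed with the salt)."""
    digest = hmac.new(salt, name.encode("utf-8"), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode("ascii"),
                             base64.b64encode(digest).decode("ascii"))


def matches_hashed(field: str, host: str, port: int = DEFAULT_SSH_PORT) -> bool:
    """Check a hashed host field against the host and port being connected to."""
    parts = field.split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        return False  # not a "|1|salt|hash" field
    try:
        salt = base64.b64decode(parts[2], validate=True)
        expected = base64.b64decode(parts[3], validate=True)
    except ValueError:
        return False  # malformed base64 never matches
    name = host_pattern(host, port).encode("utf-8")
    actual = hmac.new(salt, name, hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


# Constructed sample: the entry a client would store for localhost on port 2222.
SALT = bytes(range(20))
ENTRY = hash_host(host_pattern("localhost", 2222), SALT)

if __name__ == "__main__":
    print(ENTRY)
    print("with port:", matches_hashed(ENTRY, "localhost", 2222))  # [host]:port is hashed
    print("host only:", matches_hashed(ENTRY, "localhost"))        # bare host is hashed
```

The host-only check hashes a different string than the one stored, which is the mismatch the report describes.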


