Posted to dev@mina.apache.org by "Guillermo Grandes (Jira)" <ji...@apache.org> on 2020/08/21 17:48:00 UTC

[jira] [Created] (SSHD-1063) KnownHostsServerKeyVerifier fail with alternative ports (non 22/TCP)

Guillermo Grandes created SSHD-1063:
---------------------------------------

             Summary: KnownHostsServerKeyVerifier fail with alternative ports (non 22/TCP)
                 Key: SSHD-1063
                 URL: https://issues.apache.org/jira/browse/SSHD-1063
             Project: MINA SSHD
          Issue Type: Bug
    Affects Versions: 2.5.1
            Reporter: Guillermo Grandes


The first connection, to port 22, creates an entry in known_hosts (this is OK).
{code:none}
2020-08-21 18:09:56.249 [connection:host-1-p22-1] [INFO] SSHClient - Connecting to: test-sshd@192.168.7.5:22
2020-08-21 18:09:56.489 [connection:host-1-p22-1] [INFO] SSHClient - Session established: test-sshd@192.168.7.5:22
{code}
After disconnecting, a second connection to port 2020 (same IP but another port, answered by another SSH service) fails (it detects a changed key; this is bad).
{code:none}
2020-08-21 18:10:02.174 [connection:host-1-p2020-1] [INFO] SSHClient - Connecting to: test-sshd@192.168.7.5:2020
2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] ClientSessionImpl - exceptionCaught(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020])[state=Opened] SshException: Server key did not validate
2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [INFO] ClientSessionImpl - Disconnecting(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]): SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE - Server key did not validate
2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] ClientSessionImpl - disconnect(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]) operation failed (ClosedChannelException) for reason=SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE [Server key did not validate]: null
2020-08-21 18:10:02.529 [connection:host-1-p2020-1] [ERROR] SSHClient - IOException: org.apache.sshd.common.SshException: Server key did not validate
{code}

If the first connection is to port 2020 and the second is to port 22, two entries are created in known_hosts and everything works fine.

To reproduce, use this snippet of code:
{code:java}
final File knownHost = new File("/tmp/known_hosts");
knownHost.delete();
knownHost.createNewFile();
KnownHostsServerKeyVerifier hostVerifier = new KnownHostsServerKeyVerifier(((sshClientSession, remoteAddress, serverKey) -> true), knownHost.toPath()); // Accept unknown
hostVerifier.setModifiedServerKeyAcceptor((clientSession, remoteAddress, entry, expected, actual) -> false); // Reject modified
SshClient client = SshClient.setUpDefaultClient();
client.setServerKeyVerifier(hostVerifier);
client.start();
// ...etc...
{code}
* Connect to server A, port 22.
* Connect to server A, port 2020 (for testing, I'm using rinetd to redirect port 2020 on server A to port 22 on server B).

My intuition tells me that the solution (or maybe workaround) could be this little change:
{code:java}
// class: org.apache.sshd.client.config.hosts.KnownHostHashValue
    public static <A extends Appendable> A appendHostPattern(A sb, String host, int port) throws IOException {
-        boolean nonDefaultPort = (port > 0) && (port != SshConstants.DEFAULT_PORT);
+        boolean nonDefaultPort = true;
{code}
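Review bot: on the `+` line, `boolean nonDefaultPort = true;` drops the `port > 0` guard together with the `SshConstants.DEFAULT_PORT` comparison, so a zero or negative `port` passed to `appendHostPattern` would also be treated as a non-default port. If the aim is only to stop special-casing port 22, `boolean nonDefaultPort = port > 0;` keeps that guard. The description above shows the failure when an entry for port 22 already exists and port 2020 is checked against it, so the lookup side deserves a look as well as this writer, and a flag that is always true is better removed than kept as a local.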



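The following is an added illustration, not code from the report or from MINA SSHD. It uses the OpenSSH known_hosts convention (plain `host` for port 22, `[host]:port` otherwise) and an in-memory store to show how a lookup keyed on the host alone yields the "key changed" result described above, while a port-aware lookup keeps the two services apart. The class, method names and fingerprints are hypothetical, and the host-only lookup is an assumed model of the symptom, not a statement about the library's internals.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; not MINA SSHD code. All names here are hypothetical.
public class KnownHostsPortDemo {
    static final int DEFAULT_PORT = 22;

    enum Result { ACCEPTED_NEW, MATCHED, KEY_CHANGED }

    // OpenSSH convention: "host" for port 22, "[host]:port" for any other port.
    static String hostPattern(String host, int port) {
        boolean nonDefaultPort = (port > 0) && (port != DEFAULT_PORT);
        return nonDefaultPort ? "[" + host + "]:" + port : host;
    }

    // Verifier over an in-memory known_hosts map (pattern -> key fingerprint).
    // portAware=false models a lookup that matches on the host alone.
    static Result verify(Map<String, String> knownHosts, boolean portAware,
                         String host, int port, String fingerprint) {
        String lookup = portAware ? hostPattern(host, port) : host;
        String stored = knownHosts.get(lookup);
        if (stored == null) {
            knownHosts.put(lookup, fingerprint); // accept unknown host
            return Result.ACCEPTED_NEW;
        }
        // reject a key that differs from the stored one
        return stored.equals(fingerprint) ? Result.MATCHED : Result.KEY_CHANGED;
    }

    public static void main(String[] args) {
        // Constructed sample data: two SSH services reachable on one IP,
        // as in the report's rinetd setup.
        String ip = "192.168.7.5";
        String keyA = "SHA256:constructed-key-of-server-A";
        String keyB = "SHA256:constructed-key-of-server-B";

        for (boolean portAware : new boolean[] {false, true}) {
            Map<String, String> knownHosts = new LinkedHashMap<>();
            Result first = verify(knownHosts, portAware, ip, 22, keyA);
            Result second = verify(knownHosts, portAware, ip, 2020, keyB);
            Result again = verify(knownHosts, portAware, ip, 2020, keyB);
            System.out.printf("portAware=%b: 22 -> %s, 2020 -> %s, 2020 again -> %s, entries=%s%n",
                    portAware, first, second, again, knownHosts.keySet());
        }
    }
}
```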