You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2019/02/01 16:33:00 UTC

[jira] [Assigned] (SSHD-886) unable to connect from AIX 7.2, contains workaround

     [ https://issues.apache.org/jira/browse/SSHD-886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Goldstein Lyor reassigned SSHD-886:
-----------------------------------

    Assignee: Goldstein Lyor

> unable to connect from AIX 7.2, contains workaround
> ---------------------------------------------------
>
>                 Key: SSHD-886
>                 URL: https://issues.apache.org/jira/browse/SSHD-886
>             Project: MINA SSHD
>          Issue Type: Bug
>         Environment: AIX 7.2 openssh client attempting connection to Bitbucket 5.16.0 containing Mina 2.0.19
>            Reporter: Antony Suter
>            Assignee: Goldstein Lyor
>            Priority: Major
>
> There is a potential bug in Mina in handling a custom SSH packet type 106. "Unassigned" according to [https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml]
> My scenario is attempting to git clone from the ssh server inside Bitbucket 5.16.0, which is Mina 2.0.19.
> On Linux if I set:
> {{export GIT_SSH_COMMAND="ssh -vvv"}}
> Then I get this log fragment from my git clone failing:
> {{debug1: Host '[bitbucketdev]:7999' is known and matches the RSA host key.}}
> {{debug1: Found key in /home/<...>/.ssh/known_hosts:1}}
> {{debug3: send packet: type 21}}
> {{debug2: set_newkeys: mode 1}}
> {{debug1: rekey after 4294967296 blocks}}
> {{debug1: SSH2_MSG_NEWKEYS sent}}
> {{debug1: expecting SSH2_MSG_NEWKEYS}}
> {{debug3: receive packet: type 21}}
> {{debug1: SSH2_MSG_NEWKEYS received}}
> {{debug2: set_newkeys: mode 0}}
> {{debug1: rekey after 4294967296 blocks}}
> {{debug2: key: /home/<...>/.ssh/id_rsa (200855b8)}}
> {{debug2: key: /home/<...>/.ssh/id_dsa (0)}}
> {{debug2: key: /home/<...>/.ssh/id_ecdsa (0)}}
> {{debug2: key: /home/<...>/.ssh/id_ed25519 (0)}}
> {{debug3: send packet: type 5}}
> {{debug3: receive packet: type 6}}
> {{debug2: service_accept: ssh-userauth}}
> {{debug1: SSH2_MSG_SERVICE_ACCEPT received}}
> {{debug3: send packet: type 50}}
> {{debug3: receive packet: type 51}}
> {{debug1: Authentications that can continue: publickey}}
> {{debug3: start over, passed a different list publickey}}
> {{debug3: preferred publickey,keyboard-interactive,password}}
> {{debug3: authmethod_lookup publickey}}
> {{debug3: remaining preferred: keyboard-interactive,password}}
> {{debug3: authmethod_is_enabled publickey}}
> {{debug1: Next authentication method: publickey}}
> {{debug1: Offering RSA public key: /home/<...>/.ssh/id_rsa}}
> {{debug3: send_pubkey_test}}
> {{debug3: send packet: type 50}}
> {{debug2: we sent a publickey packet, wait for reply}}
> {{debug3: receive packet: type 60}}
> {{debug1: Server accepts key: pkalg ssh-rsa blen 279}}
> {{debug2: input_userauth_pk_ok: fp SHA256:<...>}}
> {{debug3: sign_and_send_pubkey: RSA SHA256:<...>}}
> {{debug3: send packet: type {color:#FF0000}106{color}}}
> {{debug1: Sent ALLOW_PKCS12_KEYSTORE_CLIENT_FLAG packet}}
> {{debug3: send packet: type 50}}
> {{debug3: receive packet: type 51}}
> {{debug1: Authentications that can continue: publickey}}
> {{debug1: Trying private key: /home/<...>/.ssh/id_dsa}}
> {{debug3: no such identity: /home/<...>/.ssh/id_dsa: No such file or directory}}
> {{debug1: Trying private key: /home/<...>/.ssh/id_ecdsa}}
> {{debug3: no such identity: /home/<...>/.ssh/id_ecdsa: No such file or directory}}
> {{debug1: Trying private key: /home/<...>/.ssh/id_ed25519}}
> {{debug3: no such identity: /home/<...>/.ssh/id_ed25519: No such file or directory}}
> {{debug2: we did not send a packet, disable method}}
> {{debug1: No more authentication methods to try.}}
> {{Permission denied (publickey).}}
> {{fatal: Could not read from remote repository.}}{{Please make sure you have the correct access rights}}
> {{and the repository exists.}}
> After my key is sent to Mina and accepted with Server accepts key (and Bitbucket logs the acceptance), the AIX openssh client sends packet type 106, then the key is rejected.
> The workaround is to set an option in my ~/.ssh/config file:
> {{AllowPKCS12keystoreAutoOpen no}}
> Then I can git clone successfully.
> This ssh option is custom and unrecognized on Linux openssh client.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)