You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Stefan Verhoeven (JIRA)" <ji...@apache.org> on 2018/10/17 18:05:00 UTC
[jira] [Created] (SSHD-852) Verification fails for hashed known
host entry on non standard port generated by OpenSSH client
Stefan Verhoeven created SSHD-852:
-------------------------------------
Summary: Verification fails for hashed known host entry on non standard port generated by OpenSSH client
Key: SSHD-852
URL: https://issues.apache.org/jira/browse/SSHD-852
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 2.1.1
Environment: Linux Mint 19
Reporter: Stefan Verhoeven
Attachments: ConnectToNonDefaultPortTest.java
The Apache SshClient is unable to verify a known host entry that was made by the OpenSSH client when the entry is on a port other than 22.
I get the following exception
{code:java}
org.apache.sshd.common.SshException: Server key did not validate
at org.apache.sshd.client.session.AbstractClientSession.checkKeys(AbstractClientSession.java:440)
...{code}
The OpenSSH client will create a hash for `[host]:port` while Apache SshClient will check hashed entries for `host` (see https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130[).|https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130.] This difference will cause the correct known host entry to be marked as not a match which in turn causes the exception.
The error can be reproduced by setting up the a SSH server
{code:java}
rm ~/.ssh/known_hosts
docker run -d -p 2222:22 nlesc/xenon-ssh
# Prime known hosts with hash entry, password=javagat
ssh xenon@localhost -p 10022 hostname
{code}
and then running the attached test.
I created a fix and tests at https://github.com/apache/mina-sshd/compare/master...NLeSC:hashed-known-host-port
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)