Posted to dev@mina.apache.org by "Stefan Verhoeven (JIRA)" <ji...@apache.org> on 2018/10/17 18:05:00 UTC

[jira] [Created] (SSHD-852) Verification fails for hashed known host entry on non standard port generated by OpenSSH client

Stefan Verhoeven created SSHD-852:
-------------------------------------

             Summary: Verification fails for hashed known host entry on non standard port generated by OpenSSH client
                 Key: SSHD-852
                 URL: https://issues.apache.org/jira/browse/SSHD-852
             Project: MINA SSHD
          Issue Type: Bug
    Affects Versions: 2.1.1
         Environment: Linux Mint 19
            Reporter: Stefan Verhoeven
         Attachments: ConnectToNonDefaultPortTest.java

The Apache SshClient is unable to verify a known host entry that was made by the OpenSSH client when the entry is on a port other than 22.

 

I get the following exception
{code:java}
org.apache.sshd.common.SshException: Server key did not validate

 at org.apache.sshd.client.session.AbstractClientSession.checkKeys(AbstractClientSession.java:440)
...{code}
 

The OpenSSH client will create a hash for `[host]:port` while Apache SshClient will check hashed entries for `host` (see https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130). This difference will cause the correct known host entry to be marked as not a match which in turn causes the exception.

 

The error can be reproduced by setting up an SSH server
{code:java}
rm ~/.ssh/known_hosts
docker run -d -p 2222:22 nlesc/xenon-ssh 
# Prime known hosts with hash entry, password=javagat
ssh xenon@localhost -p 10022 hostname
{code}
and then running the attached test.

 

I created a fix and tests at https://github.com/apache/mina-sshd/compare/master...NLeSC:hashed-known-host-port



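The mismatch described in the report, as an added example (not code from MINA SSHD or from the reporter's fix): a hashed known_hosts pattern has the form `|1|base64(salt)|base64(HMAC-SHA1(salt, name))`, and the sketch below shows that a pattern built from `[host]:port` matches only when the lookup uses that same bracketed name, not the bare host. The class and method names, the fixed salt, and the host and port are constructed for illustration; OpenSSH uses a random salt.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class HashedKnownHostDemo {
    static final int DEFAULT_PORT = 22;

    // Name that gets hashed: "host" on port 22, "[host]:port" on any other port.
    static String lookupName(String host, int port) {
        return port == DEFAULT_PORT ? host : "[" + host + "]:" + port;
    }

    // HMAC-SHA1 keyed with the entry's salt, computed over the lookup name.
    static byte[] hmacSha1(byte[] salt, String name) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(salt, "HmacSHA1"));
        return mac.doFinal(name.getBytes(StandardCharsets.UTF_8));
    }

    // Build the "|1|salt|digest" host pattern of a hashed known_hosts line.
    static String hashedPattern(byte[] salt, String name) throws Exception {
        Base64.Encoder b64 = Base64.getEncoder();
        return "|1|" + b64.encodeToString(salt) + "|" + b64.encodeToString(hmacSha1(salt, name));
    }

    // True when the hashed pattern was produced from exactly this lookup name.
    static boolean matches(String pattern, String name) throws Exception {
        String[] parts = pattern.split("\\|"); // ["", "1", salt, digest]
        if (parts.length != 4 || !"1".equals(parts[1])) {
            return false; // not a hashed (magic "1") pattern
        }
        byte[] salt = Base64.getDecoder().decode(parts[2]);
        byte[] expected = Base64.getDecoder().decode(parts[3]);
        return MessageDigest.isEqual(expected, hmacSha1(salt, name)); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: fixed 20-byte salt, host and port chosen for the demo.
        byte[] salt = "constructed-salt-20b".getBytes(StandardCharsets.UTF_8);
        String host = "localhost";
        int port = 2222;
        String entry = hashedPattern(salt, lookupName(host, port));
        System.out.println("pattern:            " + entry);
        System.out.println("lookup bare host:   " + matches(entry, host));
        System.out.println("lookup [host]:port: " + matches(entry, lookupName(host, port)));
    }
}
```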