Posted to dev@mina.apache.org by "Lyor Goldstein (Jira)" <ji...@apache.org> on 2020/09/18 15:32:00 UTC

[jira] [Resolved] (SSHD-1082) Content of the RSA key file are overwritten by the new EC key

     [ https://issues.apache.org/jira/browse/SSHD-1082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lyor Goldstein resolved SSHD-1082.
----------------------------------
      Assignee: Lyor Goldstein
    Resolution: Not A Bug

> Content of the RSA key file are overwritten by the new EC key
> -------------------------------------------------------------
>
>                 Key: SSHD-1082
>                 URL: https://issues.apache.org/jira/browse/SSHD-1082
>             Project: MINA SSHD
>          Issue Type: Improvement
>            Reporter: Feng Jiajie
>            Assignee: Lyor Goldstein
>            Priority: Major
>
> I put the RSA key for host in /tmp/myhost.
> On the master branch code, after starting SSHD, the key file is overwritten by the newly generated EC key.
> Perhaps this is a risk of losing the RSA key.
> {code:java}
> public static void main(String[] args) throws IOException, InterruptedException {
>   Logger minaLogger = (Logger) LoggerFactory.getLogger("org.apache.sshd");
>   if (minaLogger != null) {
>     minaLogger.setLevel(Level.DEBUG);
>   }
>   SshServer sshd = SshServer.setUpDefaultServer();
>   sshd.setPort(12133);
>   sshd.setKeyPairProvider(new BouncyCastleGeneratorHostKeyProvider(Paths.get("/tmp/myhost")));
>   sshd.setPasswordAuthenticator((username, password, session) -> true);
>   sshd.setForwardingFilter(AcceptAllForwardingFilter.INSTANCE);
>   sshd.start();
>   Thread.sleep(100000000);
> }
> {code}
> /tmp/myhost :
> {code:java}
> -----BEGIN RSA PRIVATE KEY-----
> -----END RSA PRIVATE KEY-----
> {code}
> log:
> {code:java}
> 2020-09-18 18:28:30.248 |- DEBUG [sshd-SshServer[2a5c8d3f](port=12133)-nio2-thread-1] [--] o.a.s.c.u.s.b.BouncyCastleGeneratorHostKeyProvider : resolveKeyPair(/tmp/myhost) mismatched loaded key algorithm: expected=EC, loaded=RSA
> 2020-09-18 18:28:30.405 |- INFO  [sshd-SshServer[2a5c8d3f](port=12133)-nio2-thread-1] [--] o.a.s.c.u.s.b.BouncyCastleGeneratorHostKeyProvider : generateKeyPair(EC) generating host key=nistp521
> 2020-09-18 18:28:30.448 |- DEBUG [sshd-SshServer[2a5c8d3f](port=12133)-nio2-thread-1] [--] o.a.s.c.u.s.b.BouncyCastleGeneratorHostKeyProvider : resolveKeyPair(/tmp/myhost) generated EC key=ecdsa-sha2-nistp521-SHA256:9MVQumUEQx8YnTsK0yhWFLp84qlHTUfgEH1rz9HvJw8
> {code}
> A simple way to handle this might be
> {code:java}
> AbstractGeneratorHostKeyProvider.java
>          // Not same algorithm - start again
>          if (log.isDebugEnabled()) {
>              log.debug("resolveKeyPair({}) mismatched loaded key algorithm: expected={}, loaded={}",
>                      keyPath, alg, keyAlgorithm);
>          }
> -        Files.deleteIfExists(keyPath);
> -        return null;
> +        throw new IOException("mismatched loaded key algorithm");
>      }
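Review bot: The exception added on the `+` line carries none of the context that the debug call just above it logs (keyPath, alg, keyAlgorithm), and that debug line is only written when debug logging is enabled, so at default log levels the operator sees "mismatched loaded key algorithm" with no file name and no expected or loaded algorithm. Suggest building the exception message from the same three values. Separately, removing `return null` turns every mismatch into a hard failure: the log in the report shows the current path going on to generateKeyPair(EC), so callers that rely on regeneration would now get the exception instead of a fresh key. Consider keeping the old behaviour available behind an explicit setting rather than changing it unconditionally.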
> {code}
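
An operational guard against the overwrite described in this issue, as an added example that is not part of the original report or of MINA SSHD: it reads the PEM header of an existing host key file and refuses to continue when the algorithm differs from the one the server expects. The class and method names (HostKeyPreflight, requireAlgorithm) are hypothetical, and it assumes the key is stored in the traditional PEM form shown in the report.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not MINA SSHD code: pre-flight check for an existing host key file.
public final class HostKeyPreflight {
    private static final Pattern HEADER =
            Pattern.compile("-----BEGIN (RSA|EC|DSA) PRIVATE KEY-----");

    // "-----BEGIN RSA PRIVATE KEY-----" -> "RSA"; null when the line names no
    // algorithm (PKCS#8 "PRIVATE KEY", "OPENSSH PRIVATE KEY", non-PEM content).
    static String algorithmFromPemHeader(String line) {
        Matcher m = HEADER.matcher(line.trim());
        return m.matches() ? m.group(1) : null;
    }

    // Passes when the file is absent (nothing to lose) or already holds a key of
    // the expected algorithm; otherwise throws, naming the file and both values.
    static void requireAlgorithm(Path keyPath, String expected) throws IOException {
        if (Files.notExists(keyPath)) {
            return;
        }
        // ISO-8859-1 decodes any byte, so a binary file fails the check, not the read.
        String first = Files.readAllLines(keyPath, StandardCharsets.ISO_8859_1).stream()
                .map(String::trim).filter(s -> !s.isEmpty()).findFirst().orElse("");
        String loaded = algorithmFromPemHeader(first);
        if (!expected.equals(loaded)) {
            throw new IOException("host key " + keyPath + ": expected=" + expected
                    + ", loaded=" + (loaded == null ? "unrecognised" : loaded));
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temp file holding only a PEM header, no key material.
        Path sample = Files.createTempFile("hostkey", ".pem");
        sample.toFile().deleteOnExit();
        Files.write(sample, Arrays.asList("-----BEGIN RSA PRIVATE KEY-----"));
        requireAlgorithm(sample, "RSA");      // same algorithm: passes
        try {
            requireAlgorithm(sample, "EC");   // the mismatch from the report
        } catch (IOException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

The check would run before the key path is handed to the host key provider, so a mismatched file is left untouched and the operator decides what to do with it.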


