You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Thomas Wolf (Jira)" <ji...@apache.org> on 2022/06/16 14:28:00 UTC
[jira] [Commented] (SSHD-1270) MINA-SSHD 2.8.0 break Ubuntu 16.04 users connection
[ https://issues.apache.org/jira/browse/SSHD-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17555102#comment-17555102 ]
Thomas Wolf commented on SSHD-1270:
-----------------------------------
You are using OpenSSH_7.2p2, which is very old, and AFAIK was the first version with rsa-sha2-512 signature support. There were bugs in OpenSSH when the SHA-2 signatures were introduced, and AFAIK there was also a bug concerning the ssh-agent.
The Gerrit server log posted at the Gerrit bug tracker shows that the signature verification failed. Perhaps the OpenSSH 7.2 client actually sent a ssh-rsa signature instead of rsa-sha-512?
The client log file you posted at the Gerrit bug tracker shows only the failed authentication. But it shows "debug2: key: /home/gaowenjun/.ssh/id_rsa (0x556e3270a720), agent", so I presume that run used the agent.
# Verify that you can connect without using the agent. Specify the {{IdentityFile}} explicitly in {{{}~/.ssh/config{}}}, set {{{}IdentitiesOnly yes{}}}, and set {{IdentityAgent none.}}
# Verify what keys the ssh-agent contains initially. Does it run initially? Does it contain the correct key?
# Make sure the agent contains the correct key, undo the changes from (1), and try to connect.
Logs for both cases (successful _and_ unsuccessful attempts) would be helpful.
> MINA-SSHD 2.8.0 break Ubuntu 16.04 users connection
> ---------------------------------------------------
>
> Key: SSHD-1270
> URL: https://issues.apache.org/jira/browse/SSHD-1270
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.8.0
> Reporter: CY
> Priority: Major
> Attachments: 1
>
>
> steps to reproduce:
> 1.upgrade Gerrit to 3.6 (which use 2.8.0 SSHD
> 2.Ubuntu 16.04 user try to connect Gerrit via ssh
> `ssh -p 29418 username@gerrit.mioffice.cn gerrit`
> 3.Got "Permission denied (publickey)."
> 4.execute eval "$(ssh-agent -s) && ssh-add"
> 5.`ssh -p 29418 username@gerrit.mioffice.cn gerrit` now can connect to Gerrit correctly.
> 6.Reboot the PC, then cannot connect again, and need to execute "eval "$(ssh-agent -s) && ssh-add"" again.
>
> Here is my client log with `ssh -vvv`
> There is also a discussion on Gerrit community and there is server side log on it
> https://bugs.chromium.org/p/gerrit/issues/detail?id=15987#c_ts1655281861
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org