Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to reach a settlement: [] #419

Closed
Simsal opened this issue May 23, 2018 · 8 comments
Closed

Unable to reach a settlement: [] #419

Simsal opened this issue May 23, 2018 · 8 comments

Comments

@Simsal
Copy link

Simsal commented May 23, 2018

Hey,
I allways get following error when i try to copy a file from RHEL 7 to RHEL 7.
It looks like as if sshj doesn't offer any algorithms?
(based on your answer here: [(https://github.com//issues/380)]

2018-05-23 10:03:50.492  WARN 4034 --- [nio-8080-exec-9] net.schmizz.sshj.DefaultConfig           : Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
2018-05-23 10:03:50.533  INFO 4034 --- [nio-8080-exec-9] n.schmizz.sshj.transport.TransportImpl   : Client identity string: SSH-2.0-SSHJ_0.23.0
2018-05-23 10:03:50.542  INFO 4034 --- [nio-8080-exec-9] n.schmizz.sshj.transport.TransportImpl   : Server identity string: SSH-2.0-OpenSSH_6.6.1
2018-05-23 10:03:50.548 ERROR 4034 --- [         reader] n.schmizz.sshj.transport.TransportImpl   : Dying because - Unable to reach a settlement: [] and [aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-gcm@openssh.com, aes256-gcm@openssh.com, chacha20-poly1305@openssh.com, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se]

Do i need to configure them somewhere?

my pom.xml:

<!-- jhipster-needle-maven-add-dependency -->
        
        <dependency>
		  <groupId>com.hierynomus</groupId>
		  <artifactId>sshj</artifactId>
		  <version>0.23.0</version>
		</dependency>
		
		<!-- https://mvnrepository.com/artifact/com.opencsv/opencsv -->
		<dependency>
		  <groupId>com.opencsv</groupId>
		  <artifactId>opencsv</artifactId>
		  <version>4.1</version>
		</dependency>

		
		<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
		<dependency>
		    <groupId>org.bouncycastle</groupId>
		    <artifactId>bcprov-jdk15on</artifactId>
		    <version>1.59</version>
		</dependency>
		
		<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-api -->
		<dependency>
		    <groupId>org.slf4j</groupId>
		    <artifactId>slf4j-api</artifactId>
		    <version>1.7.25</version>
		</dependency>
@hierynomus
Copy link
Owner

Hi @Simsal please load the unlimited strength Java crypto extensions. That should help getting a settlement

@Simsal
Copy link
Author

Simsal commented May 23, 2018

Hey @hierynomus , I've put the two jars i got from the oracle page into my javahome/jdk1.8.0_77/jre/lib/security onto the server the webapp is running.
I restarted the tomcat.
Still the same outcome.

Do you have any other idea? :)

@Simsal
Copy link
Author

Simsal commented Jun 25, 2018

@hierynomus
Hey,
I managed to generate some more Information in the log files:
Somehow your library is "calling" some jars from the product of MicroStrategy? For every change of Server i try within my program, the log entry looks the same. JCE files are aplied on both the recent and the foreign Server.

2018-06-25 13:26:18.088  INFO 67857 --- [io-8080-exec-22] n.s.s.t.random.BouncyCastleRandom        : Generating random seed from SecureRandom.
2018-06-25 13:26:18.088  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.088  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : No such algorithm: IDEA/CBC/NoPadding
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : No such algorithm: IDEA/CTR/NoPadding
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.089  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.090  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.090  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.090  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.090  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.090  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.090  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.090  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.090  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : file:/srv/tomcat/instances/webapps/MicroStrategyLibrary/WEB-INF/lib/restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar has unsigned entries - com/microstrategy/consumerweb/servlets/AddSessionStateFilter.class
2018-06-25 13:26:18.090  WARN 67857 --- [io-8080-exec-22] net.schmizz.sshj.DefaultConfig           : Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
2018-06-25 13:26:18.092  INFO 67857 --- [io-8080-exec-22] n.schmizz.sshj.transport.TransportImpl   : Client identity string: SSH-2.0-SSHJ_0.24.0
2018-06-25 13:26:18.101  INFO 67857 --- [io-8080-exec-22] n.schmizz.sshj.transport.TransportImpl   : Server identity string: SSH-2.0-OpenSSH_7.4
2018-06-25 13:26:18.102 ERROR 67857 --- [         reader] n.schmizz.sshj.transport.TransportImpl   : Dying because - Unable to reach a settlement: [] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc]

net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc]
        at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:145)
        at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:130)
        at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:224)
        at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:356)
        at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503)
        at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:102)
        at net.schmizz.sshj.transport.Decoder.received(Decoder.java:170)
        at net.schmizz.sshj.transport.Reader.run(Reader.java:59)

2018-06-25 13:26:18.102  INFO 67857 --- [         reader] n.schmizz.sshj.transport.TransportImpl   : Disconnected - UNKNOWN
2018-06-25 13:26:18.102 ERROR 67857 --- [io-8080-exec-22] net.schmizz.concurrent.Promise           : <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc]
2018-06-25 13:26:18.105 ERROR 67857 --- [io-8080-exec-22] o.z.p.spring.web.advice.AdviceTrait      : Internal Server Error

net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc]
        at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:145)
        at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:130)
        at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:224)
        at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:356)
        at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503)
        at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:102)
        at net.schmizz.sshj.transport.Decoder.received(Decoder.java:170)
        at net.schmizz.sshj.transport.Reader.run(Reader.java:59)

@hierynomus
Copy link
Owner

Are you using an uber jar? We're not calling anything. What you're seeing is the Java Securitymanager kicking in. The empty [] mean that locally no algorithms could be loaded because bouncycastle is not present or cannot be loaded due to JCE restrictions.

@Simsal
Copy link
Author

Simsal commented Jul 11, 2018

So, somehow the other applications on the tomcat blocked the settlement.

I deployed my application on another server and now it works like a charm.
Thank you!

@Simsal Simsal closed this as completed Jul 11, 2018
@wrschneider
Copy link

@hierynomus @Simsal I had the same issue -- also with MicroStrategy.

my code with sshj works fine with the same JDK outside Tomcat (I verified that the JCE policy is unrestricted) but breaks inside Tomcat with a similar error as above.

My question is: how is it possible for other code running in the same Tomcat to interfere with sshj's ability to call bouncycastle? Is this a defect in sshj or is this intrinsic to JCE?

@hierynomus
Copy link
Owner

actually it's neither. However BouncyCastle cannot be wrapped in an uber-jar (a jar with dependencies). See my previous comment. SSHJ does not call upon microstrategy.

@wrschneider
Copy link

@hierynomus The issue is that my own webapp which uses sshj is NOT using an uber-JAR.

A different webapp on the same Tomcat does use an uber-JAR and my question is why are they not isolated - how can one webapp break another? Isn't the app server supposed to provide some layer of isolation between webapps?

I agree that sshj is not calling MicroStrategy. It's not a call, but rather the mere existence of this MicroStrategy app on the same Tomcat is breaking sshj in a different webapp.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hierynomus @wrschneider @Simsal