Server key did not validate when hashed known host entry is present #588

Closed
sverhoeven opened this issue Nov 1, 2017 · 5 comments

@sverhoeven
Member

I did:

```
rm ~/.ssh/known_hosts
docker run --detach --publish 10022:22 nlesc/xenon-ssh
ssh-copy-id xenon@localhost -p 10022
ssh xenon@localhost -p 10022 hostname
```

In my `~/.ssh/known_hosts` there is now a hashed entry for `localhost:10022`.

When I try to create a scheduler with

```java
Scheduler scheduler = Scheduler.create("ssh", "localhost:10022", new DefaultCredential("xenon"));
```

Xenon throws an `org.apache.sshd.common.SshException: Server key did not validate` exception.

@sverhoeven
Member Author

Found bug in SSHD client, it hashes the hostname only, ignoring the port.

The bug can be worked around by creating a copy of `KnownHostEntry.isHostMatch()` and changing it to:

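```java
// Try the inherited host/port matching first.
if (super.isHostMatch(host, port)) {
    return true;
}

// Hashed entries: hash the same name that was stored in known_hosts.
KnownHostHashValue hash = getHashedEntry();
if (port == 22) {
    // Default port: the entry was hashed from the bare hostname.
    return (hash != null) && hash.isHostMatch(host);
} else {
    // Non-default port: the entry was hashed from "[host]:port".
    return (hash != null) && hash.isHostMatch("[" + host + "]:" + port);
}
```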

sverhoeven added a commit to NLeSC/mina-sshd that referenced this issue Nov 1, 2017
@sverhoeven
Member Author

sverhoeven commented Oct 17, 2018

Bug is still present in latest mina-sshd 2.1.0, see https://github.com/NLeSC/Xenon/tree/mina-2.1.0 branch.

Created issue https://issues.apache.org/jira/browse/SSHD-852 to get it fixed in mina-sshd.

@sverhoeven
Member Author

Fix has been merged (apache/mina-sshd@326725d); waiting for a new release >v2.1.0 of mina sshd so we can upgrade the dependency.

@jmaassen
Member

Great!

sverhoeven added a commit that referenced this issue Feb 25, 2019
As it contains the encrypted host key fix, so we no longer need our own fork

Refs #588
@jmaassen jmaassen added this to the 3.0.0 milestone Jun 12, 2019
@sverhoeven
Member Author

Now using Mina sshd 2.2.0, so it is fixed.
