Karaf
  1. Karaf
  2. KARAF-1513

SSH keystore incompatible if generated with IBM JDK

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2.6
    • Fix Version/s: 2.2.8, 2.3.0, 3.0.0
    • Component/s: karaf-shell
    • Labels:
      None
    • Environment:

      Description

      After starting the container with karaf script, the consquent attempt to connect to the instance with the client script fails:

      /opt/TESB-QA-Workspace/container/bin# ./client -a 8101
      950 [NioProcessor-2] WARN org.apache.sshd.client.session.ClientSessionImpl - Exception caught
      org.apache.sshd.common.SshException: KeyExchange signature verification failed
      at org.apache.sshd.client.kex.AbstractDHGClient.next(AbstractDHGClient.java:121)
      at org.apache.sshd.client.session.ClientSessionImpl.doHandleMessage(ClientSessionImpl.java:243)
      at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:198)
      at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:522)
      at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:225)
      ...

      The following stuff is observed in the karaf log:

      23:53:42,043 | INFO | NioProcessor-2 | shd.server.session.ServerSession 87 | 22 - sshd-core - 0.5.0 | Session created...
      23:53:42,052 | INFO | NioProcessor-2 | AbstractGeneratorHostKeyProvider 149 | 22 - sshd-core - 0.5.0 | Generating host key...
      23:53:42,124 | INFO | NioProcessor-2 | shd.server.session.ServerSession 307 | 22 - sshd-core - 0.5.0 | Client version string: SSH-2.0-SSHD-CORE-0.5.0
      23:53:42,125 | INFO | NioProcessor-2 | shd.server.session.ServerSession 149 | 22 - sshd-core - 0.5.0 | Received SSH_MSG_KEXINIT
      23:53:42,203 | INFO | NioProcessor-2 | shd.server.kex.AbstractDHGServer 84 | 22 - sshd-core - 0.5.0 | Received SSH_MSG_KEXDH_INIT
      23:53:42,246 | INFO | NioProcessor-2 | shd.server.kex.AbstractDHGServer 125 | 22 - sshd-core - 0.5.0 | Send SSH_MSG_KEXDH_REPLY
      23:53:42,246 | INFO | NioProcessor-2 | d.common.session.AbstractSession 691 | 22 - sshd-core - 0.5.0 | Send SSH_MSG_NEWKEYS
      23:53:42,283 | INFO | NioProcessor-2 | shd.server.session.ServerSession 124 | 22 - sshd-core - 0.5.0 | Received SSH_MSG_DISCONNECT (reason=3, msg=KeyExchange signature verification failed)
      23:53:42,284 | INFO | NioProcessor-2 | d.common.session.AbstractSession 287 | 22 - sshd-core - 0.5.0 | Closing session

      After a certain investigation, the conclusion is made that the issue is connected to the <container>/etc/host.key file, which seems to be generated different under IBM JVM comparing to the one received on Sun Java VM:

      ls -al host*
      rw-rr- 1 root root 1202 2012-04-25 13:03 host.key.sunjvm
      rw-rr- 1 root root 2581 2012-04-25 12:35 host.key
      #
      (see the difference in size, at least)
      If I replace it with a copy of host.key file taken from a different container working under Sun JVM, everything works just fine.

      The issue reproduces both, with client script running locally and with a remote one running on Sun Java VM 1.6.0_30.

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Jean-Baptiste Onofré
            Reporter:
            Zsolt Beothy-Elo
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development