Karaf
  1. Karaf
  2. KARAF-1683

"no matching cipher found" error connecting via SSH to wrapper Karaf service - on Ubuntu

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.8, 2.3.0
    • Fix Version/s: 2.2.9, 2.3.0, 3.0.0
    • Component/s: karaf-os-integration
    • Labels:
      None
    • Environment:

      Ubuntu 12.04 64-bit. OpenJDK 7

      Description

      When wrapper is used to install service in Ubuntu 12.04 (or any Ubuntu for that matter, probably Debian too), SSH is not possible.

      no matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se server 
      

      The reason is Debian doesn't set JAVA_HOME due to policy (https://bugs.launchpad.net/ubuntu/+source/java-common/+bug/364794)

      Workaround is to put this in the bin/<name>-service script :

      export JAVA_HOME=$(readlink -f /usr/bin/javac | sed "s:/bin/javac::")
      

      It should be default, or probably like this :

      [ -z $JAVA_HOME ] && export JAVA_HOME=$(readlink -f /usr/bin/javac | sed "s:/bin/javac::")
      

        Issue Links

          Activity

          Hide
          Jean-Baptiste Onofré added a comment -

          If readlink is present on most Linux distributions, it's not the case in Solaris or AIX. The karaf-service script is used for all Unix platform. I'm updating the patch to be compliant with all Unix.

          Show
          Jean-Baptiste Onofré added a comment - If readlink is present on most Linux distributions, it's not the case in Solaris or AIX. The karaf-service script is used for all Unix platform. I'm updating the patch to be compliant with all Unix.
          Hide
          Jean-Baptiste Onofré added a comment -

          I'm overriding the karaf-service for Linux (easier than adapting for each OS).

          Show
          Jean-Baptiste Onofré added a comment - I'm overriding the karaf-service for Linux (easier than adapting for each OS).
          Hide
          Hendy Irawan added a comment -

          Thank you Jean-Baptiste !

          If you like, this should work for all OS :

          [ -x /bin/readlink ] && [ -z $JAVA_HOME ] && export JAVA_HOME=$(/bin/readlink -f /usr/bin/javac | sed "s:/bin/javac::")
          
          Show
          Hendy Irawan added a comment - Thank you Jean-Baptiste ! If you like, this should work for all OS : [ -x /bin/readlink ] && [ -z $JAVA_HOME ] && export JAVA_HOME=$(/bin/readlink -f /usr/bin/javac | sed "s:/bin/javac::" )
          Hide
          Hendy Irawan added a comment -

          Hmm... it only detects JDK, not JRE. I think this is better, detects JDK first, then JRE as fallback :

          if [ -x readlink ]; then
            [ -z $JAVA_HOME ] && export JAVA_HOME="$(readlink -f /usr/bin/javac | sed 's:/bin/javac::')"
            [ -z $JAVA_HOME ] && export JAVA_HOME="$(readlink -f /usr/bin/java | sed 's:/bin/java::')"
          fi
          

          Also added double quotes to make it safe in case the returned pathname has fancy characters (exotic config?).

          Show
          Hendy Irawan added a comment - Hmm... it only detects JDK, not JRE. I think this is better, detects JDK first, then JRE as fallback : if [ -x readlink ]; then [ -z $JAVA_HOME ] && export JAVA_HOME= "$(readlink -f /usr/bin/javac | sed 's:/bin/javac::')" [ -z $JAVA_HOME ] && export JAVA_HOME= "$(readlink -f /usr/bin/java | sed 's:/bin/java::')" fi Also added double quotes to make it safe in case the returned pathname has fancy characters (exotic config?).

            People

            • Assignee:
              Jean-Baptiste Onofré
              Reporter:
              Hendy Irawan
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development