Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
2.5.1
-
None
Description
First connection, to port 22, create entry in known_hosts (this is OK).
2020-08-21 18:09:56.249 [connection:host-1-p22-1] [INFO] SSHClient - Connecting to: test-sshd@192.168.7.5:22 2020-08-21 18:09:56.489 [connection:host-1-p22-1] [INFO] SSHClient - Session established: test-sshd@192.168.7.5:22
After disconnect, a second connection, but to port 2020, same IP but another port (responded by another ssh-service), connection fails (detect changed key, this is bad).
2020-08-21 18:10:02.174 [connection:host-1-p2020-1] [INFO] SSHClient - Connecting to: test-sshd@192.168.7.5:2020 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] ClientSessionImpl - exceptionCaught(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020])[state=Opened] SshException: Server key did not validate 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [INFO] ClientSessionImpl - Disconnecting(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]): SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE - Server key did not validate 2020-08-21 18:10:02.529 [sshd-SshClient[47d4d899]-nio2-thread-9] [WARN] ClientSessionImpl - disconnect(ClientSessionImpl[test-sshd@hostname/192.168.7.5:2020]) operation failed (ClosedChannelException) for reason=SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE [Server key did not validate]: null 2020-08-21 18:10:02.529 [connection:host-1-p2020-1] [ERROR] SSHClient - IOException: org.apache.sshd.common.SshException: Server key did not validate
If the first connection is to port 2020, and second is to port 22, two entries are created in known_hosts and all works fine.
To reproduce, with this snippet of code:
final File knownHost = new File("/tmp/known_hosts"); knownHost.delete(); knownHost.createNewFile(); KnownHostsServerKeyVerifier hostVerifier = new KnownHostsServerKeyVerifier(((sshClientSession, remoteAddress, serverKey) -> true), knownHost.toPath()); // Accept unknown hostVerifier.setModifiedServerKeyAcceptor((clientSession, remoteAddress, entry, expected, actual) -> false); // Reject modified SshClient client = SshClient.setUpDefaultClient(); client.setServerKeyVerifier(hostVerifier); client.start(); // ...etc...
- Connect to server A, port 22.
- Connect to server A, port 2020 (for test, I'm using rinetd redirecting 2020 in server A to server B in port 22).
My intuition tells me that the solution (or maybe workaround) could be this little change:
// class: org.apache.sshd.client.config.hosts.KnownHostHashValue public static <A extends Appendable> A appendHostPattern(A sb, String host, int port) throws IOException { - boolean nonDefaultPort = (port > 0) && (port != SshConstants.DEFAULT_PORT); + boolean nonDefaultPort = true;
Attachments
Attachments
Issue Links
- links to