Uploaded image for project: 'MINA SSHD'
  1. MINA SSHD
  2. SSHD-589

Auto-detect max. supported DH group exchange key size

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.0.0, 1.1.0
    • 1.1.0
    • None

    Description

      Using:
      1. Same JVM to run test of 1.x and 0.x
      2. The SunEC provider is not available.
      3. BouncyCastle is not used.
      4. The same Fedora-22 remote is accessed.

      Using sshd-core-0.14 works, using sshd-core-1.0.1(master, and any 1.x) produces:
      java.lang.IllegalStateException: Unable to negotiate key exchange for kex algorithms (client: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 / server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1)
      at org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1334)
      at org.apache.sshd.common.session.AbstractSession.handleKexInit(AbstractSession.java:478)
      at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:412)
      at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:361)

      Per Lyor request, added some more debug information into master.

      Attached:
      1. Full test environment (test1.tar.gz) a directory per version, test using:
      JAVA_OPTS="-Djava.util.logging.config.file=./logging.properties" ./ssh-test.sh --host=XXXX --password=XXXX --command="echo hello"
      2. Full debug log of 0.14 and master.
      3. Diff of logging.

      This is a behaviour change in 1.x, so far we have failed to nail it.

      Attachments

        1. test1.tar.gz
          2.26 MB
          Alon Bar-Lev
        2. test1-0.14.log
          37 kB
          Alon Bar-Lev
        3. test1-master.log
          30 kB
          Alon Bar-Lev
        4. 0001-SSHD-589-Logging-improvements.patch
          5 kB
          Alon Bar-Lev
        5. 0001-SSHD-589-Enable-dhgex256-if-4096-DH-is-supported.patch
          6 kB
          Alon Bar-Lev
        6. 1000-SSHD-589-Enable-dhgex256-if-4096-DH-is-supported.patch
          8 kB
          Alon Bar-Lev
        7. 0001-SSHD-589-Runtime-detection-of-DH-size.patch
          14 kB
          Alon Bar-Lev
        8. 0002-Initial-code-for-SSHD-589.patch
          13 kB
          Lyor Goldstein

        Issue Links

          is broken by

          Improvement - An improvement or enhancement to an existing feature or task. SSHD-436 Use as much as possible common code for client and server KEX

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. SSHD-567 Connection to Cisco caused java.security.InvalidAlgorithmParameterException

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. SSHD-596 Support dhg14 by runtime DH key size detection similar to dhgex

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              lgoldstein Lyor Goldstein
              alonbl Alon Bar-Lev
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: