Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.0.0
-
None
Description
This issue I observe with quite low probability. It turns out that RSA signature verification fails and thus SSH key authentication fails. (This is a bit strange that key verification is executed BEFORE signature is checked).
In my cases it fails with Trilead SSH2 client.
From the code it fails inside JCE where it is asserted message size if not trimmed. (Exception is not getting properly logged, but it is possible to find the message in sun/security/rsa/RSASignature.java file)
In the sources of Trilead I see the code, that may trim leading zero byte from the signature. Signature here is encoded with type and data, so that org.apache.sshd.common.signature.AbstractSignature#extractEncodedSignature is executed and not-null is returned).
https://github.com/JetBrains/intellij-community/blob/master/plugins/cvs/trilead-ssh2-build213/src/com/trilead/ssh2/signature/RSASHA1Verify.java#L98
As you may see from the link this is the way they understand the standard.
I checked JSch code, and there is not such a byte trim there.
It may mean Mina SSHD should attempt to workaround it and add zero bites back
Attachments
Issue Links
- links to