MINA SSHD / SSHD-852

Verification fails for hashed known host entry on non standard port generated by OpenSSH client

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.2.0
    • 2.2.0
    • None
    • Linux Mint 19

    Description

      The Apache SshClient is unable to verify a known host entry that was made by the OpenSSH client when the entry is on a port other than 22.

       

      I get the following exception

      org.apache.sshd.common.SshException: Server key did not validate
      
       at org.apache.sshd.client.session.AbstractClientSession.checkKeys(AbstractClientSession.java:440)
      ...

       

      The OpenSSH client will create a hash for `[host]:port` while Apache SshClient will check hashed entries for `host` (see https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=blob;f=sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java;h=91d61842373bb322b09198f551d6dfd095554677;hb=HEAD#l130). This difference will cause the correct known host entry to be marked as not a match, which in turn causes the exception.

       

      The error can be reproduced by setting up an SSH server

      rm ~/.ssh/known_hosts
      docker run -d -p 2222:22 nlesc/xenon-ssh 
      # Prime known hosts with hash entry, password=javagat
      ssh xenon@localhost -p 10022 hostname
      

      and then running the attached test.

       

      I created a fix and tests at https://github.com/apache/mina-sshd/compare/master...NLeSC:hashed-known-host-port

      Attachments

        1. ConnectToNonDefaultPortTest.java
          1 kB
          Stefan Verhoeven

          People

            lgoldstein Lyor Goldstein
            sverhoeven Stefan Verhoeven
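
The mismatch described in the report, shown as an added example that is not part of the original issue or of MINA SSHD's code: it builds a hashed known_hosts host field in the OpenSSH `HashKnownHosts` format (HMAC-SHA1 keyed with the entry's salt) and checks it against the bare host and against `[host]:port`. The function names, the fixed salt and the `localhost:2222` entry are constructed for illustration.

```python
import base64
import hashlib
import hmac

DEFAULT_PORT = 22


def host_pattern(host, port):
    """Name OpenSSH records: bare host on port 22, otherwise [host]:port."""
    return host if port == DEFAULT_PORT else "[{}]:{}".format(host, port)


def hash_host(name, salt):
    """Build the hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    digest = hmac.new(salt, name.encode("utf-8"), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode("ascii"),
                             base64.b64encode(digest).decode("ascii"))


def hashed_entry_matches(token, candidate):
    """Recompute the HMAC of candidate with the entry's own salt and compare."""
    parts = token.split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        raise ValueError("not a hashed known_hosts host field")
    salt = base64.b64decode(parts[2])
    expected = base64.b64decode(parts[3])
    actual = hmac.new(salt, candidate.encode("utf-8"), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


def verify(token, host, port, port_aware=True):
    """port_aware=False hashes only the host, which is the lookup the report describes."""
    candidate = host_pattern(host, port) if port_aware else host
    return hashed_entry_matches(token, candidate)


# Constructed sample: fixed 20-byte salt (OpenSSH uses a random one per entry).
SAMPLE_SALT = bytes(range(20))
SAMPLE_TOKEN = hash_host(host_pattern("localhost", 2222), SAMPLE_SALT)

if __name__ == "__main__":
    print("entry:", SAMPLE_TOKEN)
    print("host only     :", verify(SAMPLE_TOKEN, "localhost", 2222, port_aware=False))
    print("[host]:port   :", verify(SAMPLE_TOKEN, "localhost", 2222))
```

On port 22 both lookups hash the same string, which is why the failure only shows up on a non-standard port.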