karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zsolt Beothy-Elo (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-1513) SSH keystore incompatible if generated with IBM JDK
Date Thu, 31 May 2012 12:41:22 GMT
Zsolt Beothy-Elo created KARAF-1513:
---------------------------------------

             Summary: SSH keystore incompatible if generated with IBM JDK
                 Key: KARAF-1513
                 URL: https://issues.apache.org/jira/browse/KARAF-1513
             Project: Karaf
          Issue Type: Bug
          Components: karaf-shell
    Affects Versions: 2.2.6
         Environment: java version "1.6.0"
Java(TM) SE Runtime Environment (build pxi3260sr10fp1-20120321_01(SR10 FP1))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux x86-32 jvmxi3260sr10fp1-20120202_101568 (JIT
enabled, AOT enabled)
J9VM - 20120202_101568
JIT  - r9_20111107_21307ifx1
GC   - 20120202_AA)
JCL  - 20120320_01  

            Reporter: Zsolt Beothy-Elo
            Priority: Minor


After starting the container with karaf script, the consquent attempt to connect to the instance
with the client script fails:

/opt/TESB-QA-Workspace/container/bin# ./client -a 8101
950 [NioProcessor-2] WARN org.apache.sshd.client.session.ClientSessionImpl - Exception caught
org.apache.sshd.common.SshException: KeyExchange signature verification failed
at org.apache.sshd.client.kex.AbstractDHGClient.next(AbstractDHGClient.java:121)
at org.apache.sshd.client.session.ClientSessionImpl.doHandleMessage(ClientSessionImpl.java:243)
at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:198)
at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:522)
at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:225)
...

The following stuff is observed in the karaf log:

23:53:42,043 | INFO | NioProcessor-2 | shd.server.session.ServerSession 87 | 22 - sshd-core
- 0.5.0 | Session created...
23:53:42,052 | INFO | NioProcessor-2 | AbstractGeneratorHostKeyProvider 149 | 22 - sshd-core
- 0.5.0 | Generating host key...
23:53:42,124 | INFO | NioProcessor-2 | shd.server.session.ServerSession 307 | 22 - sshd-core
- 0.5.0 | Client version string: SSH-2.0-SSHD-CORE-0.5.0
23:53:42,125 | INFO | NioProcessor-2 | shd.server.session.ServerSession 149 | 22 - sshd-core
- 0.5.0 | Received SSH_MSG_KEXINIT
23:53:42,203 | INFO | NioProcessor-2 | shd.server.kex.AbstractDHGServer 84 | 22 - sshd-core
- 0.5.0 | Received SSH_MSG_KEXDH_INIT
23:53:42,246 | INFO | NioProcessor-2 | shd.server.kex.AbstractDHGServer 125 | 22 - sshd-core
- 0.5.0 | Send SSH_MSG_KEXDH_REPLY
23:53:42,246 | INFO | NioProcessor-2 | d.common.session.AbstractSession 691 | 22 - sshd-core
- 0.5.0 | Send SSH_MSG_NEWKEYS
23:53:42,283 | INFO | NioProcessor-2 | shd.server.session.ServerSession 124 | 22 - sshd-core
- 0.5.0 | Received SSH_MSG_DISCONNECT (reason=3, msg=KeyExchange signature verification failed)
23:53:42,284 | INFO | NioProcessor-2 | d.common.session.AbstractSession 287 | 22 - sshd-core
- 0.5.0 | Closing session

After a certain investigation, the conclusion is made that the issue is connected to the <container>/etc/host.key
file, which seems to be generated different under IBM JVM comparing to the one received on
Sun Java VM:

ls -al host*
rw-rr- 1 root root 1202 2012-04-25 13:03 host.key.sunjvm
rw-rr- 1 root root 2581 2012-04-25 12:35 host.key
#
(see the difference in size, at least)
If I replace it with a copy of host.key file taken from a different container working under
Sun JVM, everything works just fine.

The issue reproduces both, with client script running locally and with a remote one running
on Sun Java VM 1.6.0_30.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message