Re: EGit 5.12 SSH clone failing due to Signature encoding error [message #1842766 is a reply to message #1842762]
Wed, 30 June 2021 19:11
Thomas Wolf (Senior Member, Messages: 576, Registered: August 2016)

Great, thanks! This is the log I wanted. The interesting part:
13:16:33.006 JGitClientSession - readIdentification(JGitClientSession[git@github.foo.com/111.111.111.111:22]) Server version string: SSH-2.0-babeld-278d8c4
The SSH server in your Github instance identifies as "SSH-2.0-babeld-278d8c4". That's a Github-specific SSH server; it's not standard OpenSSH. I have no idea what Github uses.
13:16:33.006 ClientUserAuthService - auth(JGitClientSession[git@github.foo.com/111.111.111.111:22])[ssh-connection] send SSH_MSG_USERAUTH_REQUEST for 'none'
13:16:33.006 JGitClientSession - handleKexInit(JGitClientSession[git@github.foo.com/111.111.111.111:22]) SSH_MSG_KEXINIT
13:16:33.007 JGitClientSession - enqueuePendingPacket(JGitClientSession[git@github.foo.com/111.111.111.111:22])[SSH_MSG_USERAUTH_REQUEST] Start flagging packets as pending until key exchange is done
13:16:33.012 JGitClientSession - setNegotiationResult(JGitClientSession[git@github.foo.com/111.111.111.111:22]) Kex: server->client aes128-ctr hmac-sha2-256-etm@openssh.com none
13:16:33.012 JGitClientSession - setNegotiationResult(JGitClientSession[git@github.foo.com/111.111.111.111:22]) Kex: client->server aes128-ctr hmac-sha2-256-etm@openssh.com none
13:16:33.014 JGitClientSession - setNegotiationResult(JGitClientSession[git@github.foo.com/111.111.111.111:22]) Kex: kex algorithms = ecdh-sha2-nistp521
13:16:33.014 JGitClientSession - setNegotiationResult(JGitClientSession[git@github.foo.com/111.111.111.111:22]) Kex: server host key algorithms = ssh-rsa
The last line above says that client and server negotiated to use a "ssh-rsa" signature during key exchange, and use the "ecdh-sha2-nistp521" key exchange algorithm. This exchanges keys using a SHA2 hash, which is then signed with the SHA1 ssh-rsa signature from the server's RSA host key. So far, so good.
13:16:33.014 JGitClientSession - setNegotiationResult(JGitClientSession[git@github.foo.com/111.111.111.111:22]) Kex: encryption algorithms (client to server) = aes128-ctr
13:16:33.014 JGitClientSession - setNegotiationResult(JGitClientSession[git@github.foo.com/111.111.111.111:22]) Kex: encryption algorithms (server to client) = aes128-ctr
13:16:33.014 JGitClientSession - setNegotiationResult(JGitClientSession[git@github.foo.com/111.111.111.111:22]) Kex: mac algorithms (client to server) = hmac-sha2-256-etm@openssh.com
13:16:33.014 JGitClientSession - setNegotiationResult(JGitClientSession[git@github.foo.com/111.111.111.111:22]) Kex: mac algorithms (server to client) = hmac-sha2-256-etm@openssh.com
13:16:33.014 JGitClientSession - setNegotiationResult(JGitClientSession[git@github.foo.com/111.111.111.111:22]) Kex: compression algorithms (client to server) = none
13:16:33.014 JGitClientSession - setNegotiationResult(JGitClientSession[git@github.foo.com/111.111.111.111:22]) Kex: compression algorithms (server to client) = none
13:16:33.029 DHGClient - init(DHGClient[ecdh-sha2-nistp521])[JGitClientSession[git@github.foo.com/111.111.111.111:22]] Send SSH_MSG_KEXDH_INIT
13:16:33.029 JGitClientSession - encode(JGitClientSession[git@github.foo.com/111.111.111.111:22]) packet #1 sending command=30[30] len=138
13:16:33.029 Nio2Session - writeBuffer(Nio2Session[local=/10.0.0.6:56665, remote=github.foo.com/111.111.111.111:22]) writing 152 bytes
13:16:33.121 DHGClient - next(DHGClient[ecdh-sha2-nistp521])[JGitClientSession[git@github.foo.com/111.111.111.111:22]] process command=SSH_MSG_KEXDH_REPLY
13:16:33.138 Nio2Session - handleReadCycleFailure(Nio2Session[local=/10.0.0.6:56665, remote=github.foo.com/111.111.111.111:22]) SignatureException after 108390206 nanos at read cycle=2: Signature encoding error
13:16:33.138 Nio2Session - exceptionCaught(Nio2Session[local=/10.0.0.6:56665, remote=github.foo.com/111.111.111.111:22]) caught SignatureException[Signature encoding error] - calling handler
13:16:33.139 JGitClientSession - signalAuthFailure(JGitClientSession[git@github.foo.com/111.111.111.111:22]) type=SignatureException, signalled=true, first=false: Signature encoding error
13:16:33.147 JGitClientSession - exceptionCaught(JGitClientSession[git@github.foo.com/111.111.111.111:22])[state=Opened] SignatureException: Signature encoding error
java.security.SignatureException: Signature encoding error
at java.base/sun.security.rsa.RSASignature.engineVerify(RSASignature.java:226)
at java.base/java.security.Signature$Delegate.engineVerify(Signature.java:1416)
at java.base/java.security.Signature.verify(Signature.java:790)
at org.apache.sshd.common.signature.AbstractSignature.doVerify(AbstractSignature.java:164)
at org.apache.sshd.common.signature.SignatureRSA.verify(SignatureRSA.java:116)
at org.apache.sshd.client.kex.DHGClient.next(DHGClient.java:182)
at org.apache.sshd.common.session.helpers.AbstractSession.handleKexMessage(AbstractSession.java:606)
at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:500)
at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:428)
at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1463)
at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:388)
at org.eclipse.jgit.internal.transport.sshd.JGitClientSession.messageReceived(JGitClientSession.java:200)
at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:358)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:335)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:332)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127)
at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219)
at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: ObjectIdentifier mismatch: 2.16.840.1.101.3.4.2.3
at java.base/sun.security.rsa.RSASignature.decodeSignature(RSASignature.java:261)
at java.base/sun.security.rsa.RSASignature.engineVerify(RSASignature.java:217)
... 24 common frames omitted
As mentioned above: this stack trace says that the server sent back the key exchange message using a SHA2 "rsa-sha2-512" signature, even though both client and server had agreed on SHA1 "ssh-rsa" before!
This looks like a bug in the Github SSH server.
(Unless the Apache MINA sshd client log is lying. There is a remote possibility that either side does the negotiation wrong: the server thinks "rsa-sha2-512" had been negotiated, while the client thinks "ssh-rsa" had been negotiated. If you have access to debug-level server-side logs, you could probably verify what the server logs as the KEX negotiation outcome. If so, I'd be very interested to know what it logs. If it also logs "ssh-rsa", then it's definitely a bug in the Github SSH server. If it logs "rsa-sha2-512", then client and server have different negotiation results, which could be wrong in either.)
I am not sure I can do something about it. I have some ideas of what to try, but I don't see how I could set up a unit test against Github's custom "SSH-2.0-babeld-278d8c4" SSH server... I might have to rely on you to install JGit versions from temporary zipped update sites from our CI build and try out the fix (once I have one).
[Updated on: Wed, 30 June 2021 19:11]

Re: EGit 5.12 SSH clone failing due to Signature encoding error [message #1842844 is a reply to message #1842843]
Fri, 02 July 2021 13:54
Thomas Wolf (Senior Member, Messages: 576, Registered: August 2016)

Thank you. Here we have it:
08:54:56.680 [sshd-JGitSshClient[4ecbfd8c]-nio2-thread-1] TRACE o.e.j.i.transport.sshd.JGitClientSession - negotiate(JGitClientSession[git@github.foo.com/111.111.111.111:22])[server host key algorithms] guess=ssh-rsa (client=ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-dss-cert-v01@openssh.com,ssh-dss,ext-info-c / server=ecdsa-sha2-nistp256,ssh-dss,rsa-sha2-512,rsa-sha2-256,ssh-rsa)
So: I'd say this is a server bug. It should take the first algorithm from the client's proposal that is applicable and also in the server proposal. The client proposes (among other stuff) "ssh-rsa,rsa-sha2-512,rsa-sha2-256", while the server proposes "rsa-sha2-512,rsa-sha2-256,ssh-rsa". That means "ssh-rsa" should be chosen. So the client is correct and the server is wrong.
However: it would indeed be better if the client also proposed the algorithms in the order "rsa-sha2-512,rsa-sha2-256,ssh-rsa". That it doesn't is actually something I could fix, and then "rsa-sha2-512" should be chosen by both, thus avoiding the problem. You could try whether that indeed helps:
Add to your ~/.ssh/config entry for that server a line "HostKeyAlgorithms ^rsa-sha2-512,rsa-sha2-256,ssh-rsa". Then save and re-try.
If you don't have a ~/.ssh/config file, create one with content
Host github.foo.com
Hostname github.foo.com
User git
Port 22
IdentityFile ~/.ssh/your_private_key
HostKeyAlgorithms ^rsa-sha2-512,rsa-sha2-256,ssh-rsa
(Replace the host name and the path to the key as appropriate.)
If it works then we know at least that a corresponding change in JGit will indeed solve the problem.
Another way to fix it on your side would be to remove from the file ~/.ssh/known_hosts all entries for github.foo.com. You would then get a new host key from the server (and would be prompted about it), and if I read the log correctly, it'd not be an RSA key but an ECDSA key. That would then also avoid this particular problem.
And yes, it is a bit strange that it doesn't occur in EGit 5.11.0. Possibly it is caused by the "ext-info-c" at the end of the client's proposal. That was added in 5.11.1 -- it doesn't change the key exchange, though! That only tells the server that the client is interested in any extension capabilities that the server might have. The server will tell about such capabilities only _after_ the key exchange is done. But perhaps this github server sees this "ext-info-c" and then mistakenly chooses the wrong signature. (Because later on, for public key authentication, that is, when you actually try to log in, if you use an RSA key, client and server would indeed use "rsa-sha2-512".)
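The following is an added example, not code from this thread, from JGit or from Apache MINA sshd. It reproduces in Python the two checks the two posts above turn on: the RFC 4253 section 7.1 rule for picking the host key algorithm (run over the exact client and server lists from the logged negotiate() line, with and without the "HostKeyAlgorithms ^rsa-sha2-512,rsa-sha2-256,ssh-rsa" prefix), and the PKCS#1 v1.5 DigestInfo check that produces the "ObjectIdentifier mismatch: 2.16.840.1.101.3.4.2.3" in the first post's stack trace. The DigestInfo part stands in for RSASignature.decodeSignature with a small DER encoder/parser; the RSA operation itself is skipped, and the server's digest is constructed, so the only real-world inputs are the algorithm lists and the OIDs.

```python
import hashlib

# --- RFC 4253 section 7.1: the chosen algorithm is the first name in the
# client's list that the server also lists. "ext-info-c"/"ext-info-s" are
# RFC 8308 indicator names, not algorithms, so they are never chosen.
EXT_INFO_INDICATORS = {"ext-info-c", "ext-info-s"}


def negotiate(client_algs, server_algs):
    server = set(server_algs) - EXT_INFO_INDICATORS
    for alg in client_algs:
        if alg in server:
            return alg
    return None  # no common algorithm: the connection would fail


def apply_hostkey_prefix(prefix, base):
    """Mimic OpenSSH's 'HostKeyAlgorithms ^a,b,c': a,b,c first, the rest kept in order."""
    return list(prefix) + [a for a in base if a not in prefix]


# Lists copied from the logged negotiate() line (EGit 5.12 client, babeld server).
CLIENT_5_12 = (
    "ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,"
    "ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,"
    "ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,"
    "rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp384,"
    "ecdsa-sha2-nistp521,ssh-ed25519,sk-ecdsa-sha2-nistp256@openssh.com,"
    "sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-dss-cert-v01@openssh.com,"
    "ssh-dss,ext-info-c"
).split(",")
SERVER = "ecdsa-sha2-nistp256,ssh-dss,rsa-sha2-512,rsa-sha2-256,ssh-rsa".split(",")
FIXED_PREFIX = ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]  # the ~/.ssh/config workaround

# --- PKCS#1 v1.5 DigestInfo: the hash OID inside the signature must match the
# hash of the negotiated signature algorithm (ssh-rsa = SHA-1).
HASH_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
    "2.16.840.1.101.3.4.2.2": "sha384",
    "2.16.840.1.101.3.4.2.3": "sha512",  # the OID named in the stack trace
}
HASH_FOR_SIG_ALG = {"ssh-rsa": "sha1", "rsa-sha2-256": "sha256", "rsa-sha2-512": "sha512"}


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:  # base-128, high bit set on all but the last byte
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def _read_tlv(buf, off):
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    return tag, buf[off:off + length], off + length


def digest_info(hash_name, digest):
    """DigestInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING digest }"""
    oid = {h: o for o, h in HASH_OIDS.items()}[hash_name]
    alg_id = _tlv(0x30, _tlv(0x06, encode_oid(oid)) + b"\x05\x00")
    return _tlv(0x30, alg_id + _tlv(0x04, digest))


def hash_in_digest_info(der):
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("DigestInfo must be a SEQUENCE")
    tag, alg_id, _ = _read_tlv(seq, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid_body, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    oid = decode_oid(oid_body)
    return HASH_OIDS.get(oid, oid)  # unknown OID is returned as-is


def check_signature_hash(negotiated_alg, der):
    """Return (ok, hash found in DigestInfo, hash expected for the negotiated algorithm)."""
    expected = HASH_FOR_SIG_ALG[negotiated_alg]
    found = hash_in_digest_info(der)
    return found == expected, found, expected


def constructed_server_digest_info():
    """Constructed stand-in for the server's reply: a SHA-512 DigestInfo, as babeld sent."""
    return digest_info("sha512", hashlib.sha512(b"constructed exchange hash H").digest())


if __name__ == "__main__":
    print("5.12 client order ->", negotiate(CLIENT_5_12, SERVER))
    print("with ^ prefix     ->", negotiate(apply_hostkey_prefix(FIXED_PREFIX, CLIENT_5_12), SERVER))
    print("ssh-rsa vs SHA-512 DigestInfo ->", check_signature_hash("ssh-rsa", constructed_server_digest_info()))
```

Run stand-alone, the first line prints "ssh-rsa" (the client's list wins, as the post says), the second prints "rsa-sha2-512" once the config prefix is applied, and the third prints (False, 'sha512', 'sha1'): the same hash mismatch the JDK reports as an ObjectIdentifier mismatch for 2.16.840.1.101.3.4.2.3 when an ssh-rsa verifier meets an rsa-sha2-512 signature.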

Re: EGit 5.12 SSH clone failing due to Signature encoding error [message #1842860 is a reply to message #1842853]
Sat, 03 July 2021 12:27
Thomas Wolf (Senior Member, Messages: 576, Registered: August 2016)

That's great to hear. Now I know that I can fix this in JGit by making it propose "rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,..." instead of "ssh-rsa,ecdsa-sha2-nistp256,...,rsa-sha2-512,rsa-sha2-256,...". The second is still technically correct, but the first is "more correct".
I've created bug 574635 for this. Will be fixed in the next EGit/JGit release.
[Updated on: Sat, 03 July 2021 20:00]