0 votes
3.8k views
in Java FTP by (180 points)
While connecting to the server using public key authentication, specifically while verifying the host, I am getting the KeyExchangeException. I have generated the key pair and the keys are in path. The following is the log.

DEBUG [SSHFTPClient] 7 Feb 2007 11:53:01.978 : Created SFTP client.
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.SshPrivateKeyFile] 7 Feb 2007 11:53:01.978 : Parsing private key file
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.SshPrivateKeyFormatFactory] 7 Feb 2007 11:53:01.994 : Loading private key formats
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.SshPrivateKeyFormatFactory] 7 Feb 2007 11:53:01.994 : Installing OpenSSH-PrivateKey private key format
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.SshPrivateKeyFormatFactory] 7 Feb 2007 11:53:01.994 : Installing SSH.COM-PrivateKey-Base64Encoded private key format
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.SshPrivateKeyFormatFactory] 7 Feb 2007 11:53:01.994 : Installing SSHTools-PrivateKey-Base64Encoded private key format
INFO [OpenSSHPrivateKeyFormat] 7 Feb 2007 11:53:02.9 : Unpacking OpenSSH formatted private key
DEBUG [IJCE_Properties] 7 Feb 2007 11:53:02.25 : Successfully loaded the IJCE properties file
INFO [cryptix] 7 Feb 2007 11:53:02.41 : GLOBAL_TRACE=false
INFO [cryptix] 7 Feb 2007 11:53:02.41 : GLOBAL_DEBUG=false
INFO [cryptix] 7 Feb 2007 11:53:02.41 : GLOBAL_DEBUG_SLOW=false
INFO [OpenSSHPrivateKeyFormat] 7 Feb 2007 11:53:02.56 : RSA private key
DEBUG [SSHFTPValidator] 7 Feb 2007 11:53:02.72 : Adding known host '127.0.0.1'
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.SshPublicKeyFile] 7 Feb 2007 11:53:02.72 : Parsing public key file
DEBUG [AbstractKnownHostsKeyVerification] 7 Feb 2007 11:53:02.72 : Allowing 127.0.0.1 with fingerprint 2048: 9 33 16 5f fd 9b b1 de 2e d3 b7 89 89 b8 ff 65
DEBUG [AbstractKnownHostsKeyVerification] 7 Feb 2007 11:53:02.72 : putAllowedKey(host=127.0.0.1,algorithm=ssh-rsa)
INFO [SSHFTPClient] 7 Feb 2007 11:53:02.72 : SSHFTPClient settings validated.
DEBUG [SSHFTPClient] 7 Feb 2007 11:53:02.72 : Connecting to 127.0.0.1:22
DEBUG [TransportProviderFactory] 7 Feb 2007 11:53:02.87 : Connecting to 127.0.0.1:22 via standard socket
DEBUG [SocketTransportProvider] 7 Feb 2007 11:53:02.87 : Timeout == 0
INFO [TransportProtocolCommon] 7 Feb 2007 11:53:02.103 : Timeout=0
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.103 : Starting transport protocol
INFO [TransportProtocolCommon] 7 Feb 2007 11:53:02.103 : Wait for state update timeout=0
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.103 : Registering transport protocol messages with inputstream
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Negotiating protocol version
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Local identification: SSH-2.0-edtFTPj/PRO-1.3.3 [CLIENT]
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : EOL is guessed at CR+LF
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Remote identification: SSH-2.0-1.36 sshlib: GlobalScape
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Protocol negotiation complete
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Sending SSH_MSG_KEX_INIT
INFO [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Wait for state update timeout=0
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Received unregistered message: SSH_MSG_KEX_INIT
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Received remote key exchange init message
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Starting key exchange
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Determine Algorithm
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Client Algorithms: [diffie-hellman-group1-sha1]
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Server Algorithms: [diffie-hellman-group1-sha1]
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Returning diffie-hellman-group1-sha1
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.119 : Key exchange algorithm: diffie-hellman-group1-sha1
INFO [DhGroup1Sha1] 7 Feb 2007 11:53:02.119 : Starting client side key exchange.
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.166 : Sending SSH_MSG_KEXDH_INIT
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.166 : Received unregistered message: SSH_MSG_KEXDH_REPLY
DEBUG [DhGroup1Sha1] 7 Feb 2007 11:53:02.197 : calculateExchangeHash()
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.197 : Verifying host 127.0.0.1
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.197 : Preferred algorithm ssh-rsa
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.197 : Determine Algorithm
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.197 : Client Algorithms: [ssh-rsa, ssh-dss]
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.197 : Server Algorithms: [ssh-dss]
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.197 : Returning ssh-dss
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.197 : Selected algorithm ssh-dss
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.dsa.SshDssPublicKey] 7 Feb 2007 11:53:02.197 : Verifying host key signature
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.dsa.SshDssPublicKey] 7 Feb 2007 11:53:02.197 : Signature length is 40
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.dsa.SshDssPublicKey] 7 Feb 2007 11:53:02.197 : SSH: a0 2 6b 6f 1b 5f 44 56 e6 e cc 9f c3 4 62 67 97 6f 44 d4 88 52 cd c8 f8 f1 62 d9 ad 97 6a 86 86 49 e 8a 38 2 2 79
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.dsa.SshDssPublicKey] 7 Feb 2007 11:53:02.197 : Encoded: 30 2e 2 15 0 a0 2 6b 6f 1b 5f 44 56 e6 e cc 9f c3 4 62 67 97 6f 44 d4 2 15 0 88 52 cd c8 f8 f1 62 d9 ad 97 6a 86 86 49 e 8a 38 2 2 79
DEBUG [AbstractKnownHostsKeyVerification] 7 Feb 2007 11:53:02.212 : Verifying 127.0.0.1 host key
DEBUG [AbstractKnownHostsKeyVerification] 7 Feb 2007 11:53:02.212 : Fingerprint: 1024: b2 b1 63 40 c9 fa ec 74 cc 69 ef df 7d ef cc f3
DEBUG [AbstractKnownHostsKeyVerification] 7 Feb 2007 11:53:02.212 : getAllowedKey(names=127.0.0.1,algorithm=ssh-dss)
DEBUG [SSHFTPValidator] 7 Feb 2007 11:53:02.212 : Denied 127.0.0.1: Unknown host.
DEBUG [SSHFTPValidator] 7 Feb 2007 11:53:02.212 : Denied 127.0.0.1: Known host - Unknown algorithm.
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.212 : The host key is not accepted
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.212 : sendDisconnect(9,'The host signature is invalid or the host key was not accepted!')
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.212 : Sending SSH_MSG_DISCONNECT
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.212 : stop() called
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.212 : Disconnect: The host signature is invalid or the host key was not accepted!
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.212 : sendDisconnect(11,'The host signature is invalid or the host key was not accepted!')
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.212 : Sending SSH_MSG_DISCONNECT
ERROR [TransportProtocolOutputStream] 7 Feb 2007 11:53:02.212 : sendMessage() failed: Socket closed (state=5)
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.212 : stop() called
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.212 : Sending SSH_MSG_NEWKEYS
ERROR [TransportProtocolOutputStream] 7 Feb 2007 11:53:02.212 : sendMessage() failed: Socket closed (state=5)
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.212 : Completing key exchange
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.212 : Making keys from key exchan

3 Answers

0 votes
by (162k points)
It looks like you haven't registered the server's public key with the client.

SSHFTPClient ftp = ...
....
ftp.getValidator().addKnownHost("127.0.0.1", publicKeyFile);

or else turn off server validation:

ftp.getValidator().setHostValidationEnabled(false);
0 votes
by (180 points)
I have done that. The following is the code:

ftp.getValidator().addKnownHost("127.0.0.1","ClientKey.pub");

ClientKey.pub is my public key. Then also I am getting the exception.

If I change the code like this

ftp.getValidator().setHostValidationEnabled(false);

it's working fine.

Any clue?
0 votes
by (162k points)
Ah. According to the log file the server only supports DSS public keys, and yours is an RSA public key.

You need a DSS public key.
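
A diagnostic for the mismatch identified in the answer above, as an added example that is not part of the original thread or of edtFTPj: it reads the validator's debug lines, pairs the key registered through `addKnownHost` with the key the server presented, and names the reason for the denial. The function and verdict names are assumptions made for this example; the log lines are excerpted from the question.

```python
import re

# Excerpt of the debug log posted in the question (relevant lines only).
LOG_EXCERPT = """\
DEBUG [AbstractKnownHostsKeyVerification] 7 Feb 2007 11:53:02.72 : Allowing 127.0.0.1 with fingerprint 2048: 9 33 16 5f fd 9b b1 de 2e d3 b7 89 89 b8 ff 65
DEBUG [AbstractKnownHostsKeyVerification] 7 Feb 2007 11:53:02.72 : putAllowedKey(host=127.0.0.1,algorithm=ssh-rsa)
DEBUG [TransportProtocolCommon] 7 Feb 2007 11:53:02.197 : Selected algorithm ssh-dss
DEBUG [AbstractKnownHostsKeyVerification] 7 Feb 2007 11:53:02.212 : Fingerprint: 1024: b2 b1 63 40 c9 fa ec 74 cc 69 ef df 7d ef cc f3
DEBUG [AbstractKnownHostsKeyVerification] 7 Feb 2007 11:53:02.212 : getAllowedKey(names=127.0.0.1,algorithm=ssh-dss)
DEBUG [SSHFTPValidator] 7 Feb 2007 11:53:02.212 : Denied 127.0.0.1: Known host - Unknown algorithm.
"""

PUT = re.compile(r"putAllowedKey\(host=(.+),algorithm=([\w-]+)\)")
GET = re.compile(r"getAllowedKey\(names=(.+),algorithm=([\w-]+)\)")
FPR = re.compile(r"[Ff]ingerprint:? (\d+): ([0-9a-f ]+)$")

def norm_fp(raw):
    """The log drops leading zeros ('9 33'); restore them as '09:33'."""
    return ":".join(f"{int(b, 16):02x}" for b in raw.split())

def diagnose(log_text):
    """Return one finding per host key lookup seen in the log."""
    registered = {}   # host -> {algorithm: (bits, fingerprint)}
    last_fp = None    # a fingerprint line precedes each put/get line
    findings = []
    for line in log_text.splitlines():
        if m := FPR.search(line):
            last_fp = (int(m.group(1)), norm_fp(m.group(2)))
        elif m := PUT.search(line):
            registered.setdefault(m.group(1), {})[m.group(2)] = last_fp
        elif m := GET.search(line):
            alg = m.group(2)
            for host in m.group(1).split(","):
                keys = registered.get(host)
                if keys is None:
                    verdict = "host-not-registered"
                elif alg not in keys:
                    verdict = "algorithm-mismatch"
                elif keys[alg] != last_fp:
                    verdict = "fingerprint-mismatch"
                else:
                    verdict = "match"
                findings.append({"host": host, "presented": (alg, last_fp),
                                 "registered": keys or {}, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for finding in diagnose(LOG_EXCERPT):
        print(finding)
```

On the question's log this reports `algorithm-mismatch`: a 2048-bit `ssh-rsa` key was registered for 127.0.0.1, while the server presented a 1024-bit `ssh-dss` key with a different fingerprint. Registering the server's actual host key resolves the denial with host validation still on, which `setHostValidationEnabled(false)` does not.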