0 votes
9.5k views
in Java FTP by (300 points)
Hi
I'm trying to test the following code and getting com.enterprisedt.net.j2ssh.transport.publickey.InvalidSshKeyException: Failed to read OpenSSH key format

the code:
SSHFTPClient sftpClient = new SSHFTPClient();

sftpClient.setRemoteHost(host);
sftpClient.setAuthentication(userName, password);


// get public key from the server and try it
File f = new File("tmp.txt");
FileOutputStream fout = new FileOutputStream(f);
SSHFTPClient.getHostPublicKey(host).write(fout, SSHFTPPublicKey.OPENSSH_FORMAT);
sftpClient.getValidator().addKnownHost(host, new FileInputStream(f));


This should work since I'm using the public key from the server itself.
Thanks in advance!
Here is the log:

DEBUG [SSHFTPClient] 24 Jul 2008 18:56:27.257 : Created SFTP client.
INFO [SCPClient] 24 Jul 2008 18:56:27.289 : SCPClient settings validated.
DEBUG [SCPClient] 24 Jul 2008 18:56:27.289 : Connecting to xxx.xx.x.xx:22
DEBUG [TransportProviderFactory] 24 Jul 2008 18:56:27.429 : Connecting to xxx.xx.x.xx:22 via standard socket
DEBUG [SocketTransportProvider] 24 Jul 2008 18:56:27.445 : Invoking connect with timeout=60000
INFO [TransportProtocolCommon] 24 Jul 2008 18:56:27.835 : Timeout=60000
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.835 : Starting transport protocol
INFO [TransportProtocolCommon] 24 Jul 2008 18:56:27.867 : Wait for state update timeout=60000
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.867 : Registering transport protocol messages with inputstream
INFO [TransportProtocolCommon] 24 Jul 2008 18:56:27.867 : Wait for state update timeout=60000
INFO [cryptix] 24 Jul 2008 18:56:27.945 : GLOBAL_TRACE=false
INFO [cryptix] 24 Jul 2008 18:56:27.945 : GLOBAL_DEBUG=false
INFO [cryptix] 24 Jul 2008 18:56:27.945 : GLOBAL_DEBUG_SLOW=false
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.945 : Negotiating protocol version
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.945 : Local identification: SSH-2.0-edtFTPjPRO-2.0.1
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.945 : EOL is guessed at LF
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.945 : Remote identification: 'SSH-1.99-OpenSSH_3.9p1'
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.945 : Protocol negotiation complete
ALL [TransportProtocolCommon] 24 Jul 2008 18:56:27.945 : Name=SSH_MSG_KEX_INIT,MessageId=20
Supported Kex diffie-hellman-group1-sha1
Supported Public Keys ssh-dss,ssh-rsa
Supported Encryption Client->Server 3des-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,aes192-cbc
Supported Encryption Server->Client 3des-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,aes192-cbc
Supported Mac Client->Server hmac-sha1,hmac-md5-96,hmac-md5,hmac-sha1-96
Supported Mac Server->Client hmac-sha1,hmac-md5-96,hmac-md5,hmac-sha1-96
Supported Compression Client->Server none,zlib
Supported Compression Server->Client none,zlib
Supported Languages Client->Server
Supported Languages Server->Client
First Kex Packet Follows [FALSE]
INFO [TransportProtocolCommon] 24 Jul 2008 18:56:27.945 : Wait for state update timeout=60000
DEBUG [SshMsgKexInit] 24 Jul 2008 18:56:27.960 : Packetlength=636, Paddinglength=11
ALL [TransportProtocolCommon] 24 Jul 2008 18:56:27.960 : Received registered message: Name=SSH_MSG_KEX_INIT,MessageId=20
Supported Kex diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Supported Public Keys ssh-rsa,ssh-dss
Supported Encryption Client->Server aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported Encryption Server->Client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
Supported Mac Client->Server hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported Mac Server->Client hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported Compression Client->Server none,zlib
Supported Compression Server->Client none,zlib
Supported Languages Client->Server
Supported Languages Server->Client
First Kex Packet Follows [FALSE]
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.960 : Received remote key exchange init message
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.960 : Starting key exchange
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.960 : Determine Algorithm
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.960 : Client Algorithms: [diffie-hellman-group1-sha1]
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.960 : Server Algorithms: [diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1]
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.960 : Returning diffie-hellman-group1-sha1
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:27.960 : Key exchange algorithm: diffie-hellman-group1-sha1
INFO [DhGroup1Sha1] 24 Jul 2008 18:56:27.960 : Starting client side key exchange.
ALL [TransportProtocolCommon] 24 Jul 2008 18:56:28.7 : Name=SSH_MSG_KEXDH_INIT,MessageId=30,e=112675559769532281934660680067840235126001296115709876825479989847601699046407755082766169884611411843597080641182660007109870581689435306423318226065887993804317413086382136064323856601702733740696725391984293534003180248241790442978579697499199206076269744591330217912247238101041121396766210690358575506969
ALL [TransportProtocolCommon] 24 Jul 2008 18:56:28.23 : Received unregistered message: Name=SSH_MSG_KEXDH_REPLY,MessageId=31
ALL [DhGroup1Sha1] 24 Jul 2008 18:56:28.23 : Name=SSH_MSG_KEXDH_REPLY,MessageId=31
DEBUG [DhGroup1Sha1] 24 Jul 2008 18:56:28.85 : calculateExchangeHash()
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:28.101 : Verifying host xxx.xx.x.xx
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:28.101 : Preferred algorithm null
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:28.101 : Determine Algorithm
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:28.101 : Client Algorithms: [ssh-dss, ssh-rsa]
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:28.101 : Server Algorithms: [ssh-rsa, ssh-dss]
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:28.101 : Returning ssh-dss
DEBUG [TransportProtocolCommon] 24 Jul 2008 18:56:28.101 : Selected algorithm ssh-dss
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.dsa.SshDssPublicKey] 24 Jul 2008 18:56:28.101 : Signature length=55
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.dsa.SshDssPublicKey] 24 Jul 2008 18:56:28.101 : Header is ssh-dss
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.dsa.SshDssPublicKey] 24 Jul 2008 18:56:28.117 : Verifying host key signature
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.dsa.SshDssPublicKey] 24 Jul 2008 18:56:28.117 : Signature length is 40
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.dsa.SshDssPublicKey] 24 Jul 2008 18:56:28.117 : Signature: 7750C73208A1117991A7A58BECC1937E73878F274E6A88DB275B2CE5F9210C775C99105C57A66537
DEBUG [com.enterprisedt.net.j2ssh.transport.publickey.dsa.SshDssPublicKey] 24 Jul 2008 18:56:28.117 : Encoded: 302C02147750C73208A1117991A7A58BECC1937E73878F2702144E6A88DB275B2CE5F9210C775C99105C57A66537
DEBUG [SSHFTPValidator] 24 Jul 2008 18:56:28.148 : Denied xxx.xx.x.xx: Unknown host.
DEB

8 Answers

0 votes
by (162k points)
The message is "Denied xxx.xx.xx.xx: Unknown host. "

So for some reason it isn't getting registered correctly in the internal list.

Best to save the key in the file in a separate program, take a look to make sure it is all ok, and then try that file with addKnownHost.

At the very least, close the output stream before creating the input stream.
0 votes
by (300 points)
Hi,
Of course, the output stream is closed; the line was accidentally deleted when removing internal debug lines :)
I'm running this one in debug, so I see the file was created and I see the key inside:
ssh-dss AAAAB3NzaC1kc3MAAACBAJIjAi6nPKtHHUjxKOnwwCPiqPRMcTjbkr...
It does not look like any key in the log. Is there some encryption or hashing performed on it?
Should I perform this first:
ftp.disableAllAlgorithms(SSHFTPAlgorithm.KEY_PAIR);
ftp.setAlgorithmEnabled(SSHFTPAlgorithm.KEY_DSA, true);
?
What do you mean by
So for some reason it isn't getting registered correctly in the internal list.
?
Whose internal list are you talking about? The internal list of the SFTP client? How can I verify this?

Thanks in advance
0 votes
by (162k points)
Try using saveKnownHosts("known_hosts").

This will enable you to inspect the internal list of known hosts which is saved to file.

Your public key file looks normal.

I expect a line of debug saying "Adding known host: xxx" which I don't see which is curious. Is that the entire code for your test?
0 votes
by (300 points)
Hi,
Actually, I'll have the server public key as a string "ssh-dss AAAAB3NzaC1kc3MAAACBAJIjAi6nPKtHHUjxKOnwwCPiqPRMcTjbkrMzXelvj8keupZsGW93LJa+EKaleDFE2e1..." and not as a file. Also, I can't update "known_hosts" every time I receive a new <host, public key> pair.
I thought I'd provide an input stream of the string to SSHFTPClient's validator using SSHFTPValidator.addKnownHost(java.lang.String hostName, java.io.InputStream publicKeyStream).
I tried this option at the beginning and it didn't work. I got the same exception. So I was thinking, maybe my public key is in the wrong format, and that's how the idea of <write_to_file_in_right_format -- read_from_file> came up :)

The code I thought was supposed to work for me:

SSHFTPClient sftpClient = new SSHFTPClient();
sftpClient.setRemoteHost(host);
sftpClient.setAuthentication(userName, password);
ByteArrayInputStream strm = new ByteArrayInputStream(publicKey.getBytes());
sftpClient.getValidator().addKnownHost(host, strm); // <-- getting an exception


The log:
DEBUG [SSHFTPClient] 6 Aug 2008 17:26:10.332 : Created SFTP client.
DEBUG [SshPublicKeyFile] 6 Aug 2008 17:26:48.4 : Parsing public key file
DEBUG [SshPublicKeyFile] 6 Aug 2008 17:26:48.98 : Public key is not in the default format, attempting parse with other supported formats
DEBUG [SshPublicKeyFile] 6 Aug 2008 17:26:48.98 : Attempting SECSH-PublicKey-Base64Encoded
DEBUG [SshPublicKeyFile] 6 Aug 2008 17:26:48.98 : Attempting OpenSSH-PublicKey

com.enterprisedt.net.j2ssh.transport.publickey.InvalidSshKeyException: Failed to read OpenSSH key format

For the write_to_file-read_from_file case:

SSHFTPClient sftpClient = new SSHFTPClient();
sftpClient.setRemoteHost(host);
sftpClient.setAuthentication(userName, password);
File f = new File("V://tmp.pub");
FileOutputStream fout = new FileOutputStream(f);
SSHFTPClient.getHostPublicKey(host).write(fout, SSHFTPPublicKey.OPENSSH_FORMAT);
fout.close();
sftpClient.getValidator().addKnownHost(host, new FileInputStream(f)); // <-- getting an exception here too

The log was posted in previous message.

What could cause the problem and what is the OpenSSH format I should provide the public key in?

Thanks in advance
0 votes
by (162k points)
I'll try your code out and get back to you.
0 votes
by (162k points)
Ah, I suspect this is a bug in our code that has been fixed but not released (will be out in 2.0.2).

The OpenSSH parsing expects a comment after the key, so you need:

ssh-rsa AAAAB3NzaC1yc....= bruceb@myhost

(where it doesn't matter what the comment actually is).
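The workaround described in this answer, as an added example that is not part of the original thread or EnterpriseDT's code: a JDK-only helper that checks an OpenSSH public key line ("type base64 [comment]"), appends a comment when none is present, and computes the SHA-256 fingerprint so the key can be compared against a value obtained out of band before it is trusted. The class name `OpenSshKeyLine`, the placeholder comment `added-comment` and the sample blob are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class OpenSshKeyLine {
    /** Validates "type base64 [comment]" and returns the line with a comment field guaranteed. */
    static String normalize(String line) {
        String[] f = line.trim().split("\\s+", 3);
        if (f.length < 2) throw new IllegalArgumentException("expected: <type> <base64> [comment]");
        byte[] blob = Base64.getDecoder().decode(f[1]);       // throws on malformed base64
        if (blob.length < 4) throw new IllegalArgumentException("key blob too short");
        ByteBuffer buf = ByteBuffer.wrap(blob);
        int n = buf.getInt();                                  // length of embedded algorithm name
        if (n <= 0 || n > buf.remaining()) throw new IllegalArgumentException("bad length prefix");
        byte[] name = new byte[n];
        buf.get(name);
        String embedded = new String(name, StandardCharsets.US_ASCII);
        if (!embedded.equals(f[0]))                            // e.g. "ssh-rsa" label on an ssh-dss blob
            throw new IllegalArgumentException("type mismatch: " + f[0] + " vs " + embedded);
        String comment = (f.length == 3) ? f[2] : "added-comment"; // hypothetical placeholder comment
        return f[0] + " " + f[1] + " " + comment;
    }

    /** OpenSSH-style SHA256 fingerprint of the key blob, for out-of-band comparison. */
    static String fingerprint(String line) throws Exception {
        byte[] blob = Base64.getDecoder().decode(line.trim().split("\\s+", 3)[1]);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(blob);
        return "SHA256:" + Base64.getEncoder().withoutPadding().encodeToString(digest);
    }

    /** Stream form of the normalized line, suitable for an InputStream-based API. */
    static InputStream asStream(String line) {
        return new ByteArrayInputStream(normalize(line).getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample blob (not a real key): length-prefixed "ssh-dss" plus filler bytes.
        ByteBuffer b = ByteBuffer.allocate(4 + 7 + 16);
        b.putInt(7).put("ssh-dss".getBytes(StandardCharsets.US_ASCII)).put(new byte[16]);
        String bare = "ssh-dss " + Base64.getEncoder().encodeToString(b.array());
        System.out.println(normalize(bare));    // same line with " added-comment" appended
        System.out.println(fingerprint(bare));  // compare with the fingerprint the server admin gives you
        // With the call from this thread: sftpClient.getValidator().addKnownHost(host, asStream(publicKey));
    }
}
```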
0 votes
by (300 points)
Great, 10x!
And when should we expect 2.0.2?
0 votes
by (162k points)
We hope to release 2.0.2 at the end of August.
